Summary | ZeroBOX

steamcommunityup.exe

Generic Malware UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 19, 2024, 2:17 p.m.
Completed: Aug. 19, 2024, 2:37 p.m.
Size 885.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 134e67601937b96d67555408ef47111a
SHA256 308f1e4f69b4b78371f73e3cd88f2b8db7cceb30b7fbdfd9381bf0a6111805f1
CRC32 B97A485F
ssdeep 24576:kUWjEmPLnItrxT7jQBODcKwmFPQTdDAEGDdIqGg:kmmPLnIhxvsBODcKBFPQTRAEEIqj
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

IsDebuggerPresent
(no arguments)
0 0

NtProtectVirtualMemory
process_identifier: 2576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x734c2000
process_handle: 0xffffffff
Status 1, Return 0, Repeated 0
Resource
name: RT_MANIFEST
language: LANG_CHINESE
sublanguage: SUBLANG_CHINESE_SIMPLIFIED
filetype: XML 1.0 document, ASCII text, with CRLF line terminators
offset: 0x001592e4
size: 0x000001e1

Section UPX1 (size_of_data 0x000d6600, virtual_address 0x0007c000, virtual_size 0x000d7000, entropy 7.849562768227814): A section with a high entropy has been found
Overall entropy 0.970022624434: Overall entropy of this PE file is high
Section UPX0: Section name indicates UPX
Section UPX1: Section name indicates UPX
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.TrojanAitInject.cc
ALYac Trojan.GenericKD.66127802
Cylance Unsafe
VIPRE Trojan.GenericKD.66127802
Sangfor Trojan.Win32.Agent.Vra6
BitDefender Trojan.GenericKD.66127802
Cybereason malicious.01937b
Arcabit Trojan.Generic.D3F107BA
VirIT Trojan.Win32.Crypt5.MKJ
tehtris Generic.Malware
APEX Malicious
McAfee Artemis!134E67601937
ClamAV Win.Malware.Generic-9952838-0
MicroWorld-eScan Trojan.GenericKD.66127802
Emsisoft Trojan.GenericKD.66127802 (B)
McAfeeD ti!308F1E4F69B4
Trapmine malicious.high.ml.score
FireEye Generic.mg.134e67601937b96d
Sophos Generic ML PUA (PUA)
Ikarus Trojan.SelfDel
Jiangmin Trojan.Selfdel.rvj
Webroot W32.Malware.Gen
Google Detected
MAX malware (ai score=81)
Antiy-AVL Trojan[Dropper]/Win32.Dorifel
Gridinsoft Ransom.Win32.Bladabindi.oa!s2
Microsoft Trojan:Win32/Wacatac.A!ml
GData Trojan.GenericKD.66127802
Varist W32/ABTrojan.CTJC-5429
DeepInstinct MALICIOUS
VBA32 Backdoor.Bladabindi
Malwarebytes Malware.AI.2852723073
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09ET24
Yandex Trojan.GenAsa!NHzzuRkQa3Y
MaxSecure Trojan.Malware.206229714.susgen
Fortinet W32/PossibleThreat
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
alibabacloud Suspicious