Summary | ZeroBOX

RunGameADD.exe

CoinMiner Generic Malware AutoIt UPX PE File PE32
Category FILE
Machine s1_win7_x6403_us
Started Aug. 19, 2024, 2:18 p.m.
Completed Aug. 19, 2024, 2:43 p.m.
Size 1.6MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c2e60013e06179236d27f81811f848df
SHA256 8392b2c78be26a25560a890657a205e6ef0f6ef5865b134d587d0f1c9fc5a1c8
CRC32 CA635343
ssdeep 49152:ufKtqFpiuqBwCiDQokPDh8RjOdMl8RjOdM68RjOdM:ufKtqFzqBwCiDQoeDh8BuMl8BuM68BuM
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
GlobalMemoryStatusEx 1 1 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (virtual_address 0x0007d000, virtual_size 0x0004b000, size_of_data 0x0004aa00, entropy 7.940965856094214) entropy 7.94096585609 description A section with a high entropy has been found
entropy 0.911450381679 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.lNoD
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Injector.tc
ALYac Trojan.Generic.36661774
Cylance Unsafe
VIPRE Trojan.Generic.36661774
Sangfor Trojan.Win32.Packed.V8y5
K7AntiVirus Trojan ( 0056316d1 )
BitDefender Trojan.Generic.36661774
K7GW Trojan ( 0056316d1 )
Cybereason malicious.3e0617
Arcabit Trojan.Generic.D4590F65 [many]
VirIT Trojan.Win32.Generic.XTX
ESET-NOD32 a variant of Win32/Packed.Autoit.NBT suspicious
APEX Malicious
McAfee Artemis!C2E60013E061
Avast Win32:Malware-gen
ClamAV Win.Malware.Generic-6651791-0
Kaspersky Trojan.Win32.Agentb.mfip
Alibaba Packed:Win32/Generic.09eb57d0
MicroWorld-eScan Trojan.Generic.36661774
Emsisoft Trojan.Generic.36661774 (B)
DrWeb Trojan.Siggen5.59949
Zillya Trojan.AutoIT.Win32.188833
McAfeeD ti!8392B2C78BE2
Trapmine malicious.high.ml.score
FireEye Generic.mg.c2e60013e0617923
Sophos Mal/Generic-S
Ikarus PUA.Autoit
Webroot W32.Malware.gen
Google Detected
MAX malware (ai score=88)
Antiy-AVL Trojan[Packed]/Win32.Autoit
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Trojan.Win32.A.Agent.690283[UPX]
ZoneAlarm Trojan.Win32.Agentb.mfip
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
AhnLab-V3 Worm/Win.YahLover.C4396559
DeepInstinct MALICIOUS
VBA32 IMWorm.Sohanad
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R002H0CET24
Yandex Trojan.GenAsa!i9rai7w7/WE
Fortinet Riskware/Generic_PUA_DN
AVG Win32:Malware-gen