Summary | ZeroBOX

rootup.exe

Tags: CoinMiner, Generic Malware, AutoIt, UPX, PE File, PE32

Category  Machine           Started                   Completed
FILE      s1_win7_x6403_us  Aug. 19, 2024, 2:18 p.m.  Aug. 19, 2024, 2:32 p.m.
Size 777.4KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 62a18cdbe8e50b650590b503f34fd657
SHA256 f616ad45e258bbb7d21a33a6405cbdbeed1eb46532dc1225d6313c66039b72a2
CRC32 BC1F0974
ssdeep 12288:WfnnK9zABs+TbFx9SXOPCf8DkqAR8zHP8S0cqOwKeHBfqjpRmHJMn8XmKnI:WfK9zUHFpi8/PP04wKeHpe8o
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

DNS
Name  Response  Post-Analysis Lookup
No hosts contacted.

Hosts
IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Anti-debugging checks
Time & API          Arguments  Status  Return  Repeated
IsDebuggerPresent              0 0
IsDebuggerPresent              0 0

System memory query
Time & API            Arguments  Status  Return  Repeated
GlobalMemoryStatusEx             1       1       0
Static signatures
packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section: name UPX1, virtual_address 0x0007d000, virtual_size 0x0004b000, size_of_data 0x0004aa00, entropy 7.940965856094214; description: A section with a high entropy has been found
entropy: 0.911450381679; description: Overall entropy of this PE file is high
section: UPX0; description: Section name indicates UPX
section: UPX1; description: Section name indicates UPX
Antivirus results
Vendor  Result
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Genome.linK
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
McAfee RDN/YahLover.worm
ALYac Trojan.GenericKD.66127819
Cylance Unsafe
VIPRE Trojan.GenericKD.66127819
Sangfor Trojan.Win32.Packed.Vheu
K7AntiVirus Trojan ( 005631b11 )
BitDefender Trojan.GenericKD.66127819
K7GW Trojan ( 005631b11 )
Cybereason malicious.be8e50
Arcabit Trojan.Generic.D3F107CB
VirIT Trojan.Win32.Generic.XTX
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Packed.Autoit.NBT suspicious
APEX Malicious
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Generic-6651791-0
Kaspersky Trojan.Win32.Agentb.mfid
Alibaba Packed:Win32/YahLover.1db3582f
MicroWorld-eScan Trojan.GenericKD.66127819
Emsisoft Trojan.GenericKD.66127819 (B)
DrWeb Trojan.Siggen5.59949
TrendMicro TROJ_GEN.R002C0PF424
McAfeeD ti!F616AD45E258
Trapmine malicious.high.ml.score
FireEye Generic.mg.62a18cdbe8e50b65
Sophos Mal/Generic-S
Ikarus PUA.Autoit
Webroot W32.Malware.gen
Google Detected
MAX malware (ai score=89)
Antiy-AVL Trojan[Packed]/Win32.Autoit
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Microsoft Program:Win32/Wacapew.C!ml
ViRobot Trojan.Win32.A.Agent.690283[UPX]
ZoneAlarm Trojan.Win32.Agentb.mfid
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
DeepInstinct MALICIOUS
VBA32 IMWorm.Sohanad
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0PF424
Yandex Trojan.GenAsa!i9rai7w7/WE
MaxSecure Trojan.Malware.204080596.susgen
Fortinet Riskware/YahLover
AVG Win32:Evo-gen [Trj]