Summary | ZeroBOX

wordup.exe

CoinMiner Generic Malware AutoIt UPX PE File PE32
Category FILE
Machine s1_win7_x6403_us
Started Aug. 19, 2024, 2:19 p.m.
Completed Aug. 19, 2024, 3:33 p.m.
Size 925.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 6b3b47c27c01e8f45f6d0f6aa509315c
SHA256 fe926ef4cf81095f205182c27b40b23a8b50e519b289f490b0bc75c1057f0578
CRC32 13A676E9
ssdeep 24576:WfK9zUHFpi8/OYNNJcDaF14FseUwt4P3yGX42yk:WfKtqFpiuOb2fsSf3lI2yk
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0

Time & API / Arguments / Status / Return / Repeated
GlobalMemoryStatusEx 1 1 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (size_of_data 0x0004aa00, virtual_address 0x0007d000, virtual_size 0x0004b000, entropy 7.940965856094214) entropy 7.94096585609 description A section with a high entropy has been found
entropy 0.911450381679 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.lNoD
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Spyware.dc
ALYac Trojan.GenericKD.66127824
Cylance Unsafe
VIPRE Trojan.GenericKD.66127824
Sangfor Infostealer.Win32.Shutdowner.V7mj
K7AntiVirus Trojan ( 005631b11 )
BitDefender Trojan.GenericKD.66127824
K7GW Trojan ( 005631b11 )
Cybereason malicious.27c01e
Arcabit Trojan.Generic.D3F107D0
VirIT Trojan.Win32.Generic.XTX
Symantec Trojan.Gen.MBT
ESET-NOD32 multiple detections
APEX Malicious
McAfee RDN/PWS-Banker
Avast Win32:Malware-gen
ClamAV Win.Malware.Generic-6651791-0
Kaspersky Trojan.Win32.Shutdowner.ahqz
Alibaba Packed:Win32/Generic.2b2244a0
NANO-Antivirus Trojan.Win32.Shutdowner.jvqfph
MicroWorld-eScan Trojan.GenericKD.66127824
Rising Trojan.Shutdowner!8.DDC (CLOUD)
Emsisoft Trojan.GenericKD.66127824 (B)
F-Secure Trojan.TR/Shutdowner.ekgfy
DrWeb Trojan.Siggen5.59949
Zillya Trojan.Shutdowner.Win32.4893
TrendMicro TROJ_GEN.R002C0PET24
McAfeeD ti!FE926EF4CF81
Trapmine malicious.high.ml.score
FireEye Generic.mg.6b3b47c27c01e8f4
Sophos Mal/Generic-S
Ikarus Trojan-Downloader
Webroot W32.Malware.gen
Google Detected
Avira TR/Shutdowner.ekgfy
MAX malware (ai score=86)
Antiy-AVL Trojan[Packed]/Win32.Autoit
Kingsoft Win32.Trojan.Shutdowner.ahqz
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Microsoft PWS:Win32/Multiverze
ViRobot Trojan.Win32.A.Agent.690283[UPX]
ZoneAlarm Trojan.Win32.Shutdowner.ahqz
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
DeepInstinct MALICIOUS