Summary | ZeroBOX

12.exe

PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 30, 2024, 10:58 a.m. Aug. 30, 2024, 11:07 a.m.
Size 2.1MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 a26e3c5047080c42ff5ef9279c17d41e
SHA256 603ef026260d8b171d64852d3167f51245db79514f045c59005cb13094e19bba
CRC32 C9059B08
ssdeep 49152:1yy2ZIezkaKQ8Vp/9dEhupMK+FvaX9sq8MgAd0Ixg:RdT3vld+EL+8qq8M9d0I
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section \x00
section .idata
section
section yxzthjsm
section zjrlmogz
section .pdata\x00I
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x2d6604
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x2d6604
registers.r14: 0
registers.r15: 0
registers.rcx: 48
registers.rsi: 951708706
registers.r10: 0
registers.rbx: 8791653941248
registers.rsp: 2882472
registers.r11: 518
registers.r8: 2880040
registers.r9: 2880112
registers.rdx: 8796092879440
registers.r12: 0
registers.rbp: 2882592
registers.rdi: 4294966902
registers.rax: 2975232
registers.r13: 0
1 0 0
section {name: ' \x00 ', virtual_address: 0x00001000, virtual_size: 0x00044000, size_of_data: 0x00012400, entropy: 7.873213714619008} entropy 7.87321371462 description A section with a high entropy has been found
section {name: 'yxzthjsm', virtual_address: 0x003da000, virtual_size: 0x00203000, size_of_data: 0x00202400, entropy: 7.960357104190964} entropy 7.96035710419 description A section with a high entropy has been found
entropy 0.997658079625 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Generic.vc
Cylance Unsafe
Sangfor Trojan.Win64.Agent.Vpkk
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win64/GenKryptik.GWNQ
APEX Malicious
McAfee Artemis!A26E3C504708
Avast Win64:CrypterX-gen [Trj]
ClamAV Win.Packed.Cerbu-10023995-0
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win64/GenKryptik.4db2b9e2
Rising Trojan.Kryptik!8.8 (CLOUD)
F-Secure Heuristic.HEUR/AGEN.1314813
McAfeeD Real Protect-LS!A26E3C504708
Trapmine malicious.high.ml.score
FireEye Generic.mg.a26e3c5047080c42
SentinelOne Static AI - Suspicious PE
Google Detected
Avira HEUR/AGEN.1314813
Gridinsoft Trojan.Heur!.038100A3
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4122085311
Ikarus Trojan.Win64.Themida
Tencent Win32.Trojan.Agen.Mgil
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/GenKryptik.GWNQ!tr
AVG Win64:CrypterX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (D)