Summary | ZeroBOX

11wY502.exe

VMProtect Malicious Library Downloader PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 30, 2024, 6:06 p.m. Aug. 30, 2024, 6:09 p.m.
Size 5.5MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 68d82beae213cad62a60a6df1363b12f
SHA256 4caa2065e60833f5fe97ed86c856da9ab5c48c69bafda08c75b7824d74704c18
CRC32 AF637DE8
ssdeep 98304:SENss+BGt8VWWDZdQRSQde1iev5BwGNtTWkIspOMvwNBWFW7zwIfNMgVa:SENR+BHMK6S71RvLrTwwOzNB0W3dNe
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (size_of_data 0x00587c00, virtual_address 0x00400000, virtual_size 0x00587aac, entropy 7.909182997664659) entropy 7.90918299766 description A section with a high entropy has been found
entropy 0.999823446328 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.tc
ALYac Trojan.GenericKD.73296534
Cylance Unsafe
VIPRE Trojan.GenericKD.73296534
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0058cdc71 )
BitDefender Trojan.GenericKD.73296534
K7GW Trojan ( 0058cdc71 )
Cybereason malicious.ae213c
Arcabit Trojan.Generic.D45E6A96
VirIT Trojan.Win64.Agent.HCU
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
McAfee Artemis!68D82BEAE213
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Packed:Win64/VMProtect.d617ed36
MicroWorld-eScan Trojan.GenericKD.73296534
Emsisoft Trojan.GenericKD.73296534 (B)
F-Secure Heuristic.HEUR/AGEN.1315472
DrWeb Trojan.Packed2.47488
Zillya Trojan.VMProtect.Win64.19306
TrendMicro TROJ_GEN.R002C0RFU24
McAfeeD Real Protect-LS!68D82BEAE213
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.68d82beae213cad6
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.GenKD
Google Detected
Avira HEUR/AGEN.1315472
MAX malware (ai score=81)
Kingsoft Win32.Troj.Unknown.a
Xcitium Malware@#2ymuicgoxs2qb
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.73296534
Varist W64/Trojan.IGM.gen!Eldorado
AhnLab-V3 Unwanted/Win.Generic.C5656027
DeepInstinct MALICIOUS
Ikarus PUA.VMProtect
TrendMicro-HouseCall TROJ_GEN.R002C0RFU24
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W64/CoinMiner.FS!tr