Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 3, 2024, 9:02 a.m.	Sept. 3, 2024, 9:04 a.m.

Size	76.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`34563cc2fcd4e6e5b0063cbc0ffce9c1`
SHA256	`bbb81a7571c503d859b2150c7741ac69b3308ad494a897d93cc0d0b371b7b5f1`
CRC32	`265865FB`
ssdeep	`768:FgwqURSuG6CU8ny0g7vkMHdF2vaIw39W62Do9wGd/7:6oSuH8ny04HyvaIi9r9w`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
104.21.35.232	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Foreign language identified in PE resource (10 events)

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_ICON

language

LANG_PORTUGUESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00014f08

size

0x00000468

name

RT_GROUP_ICON

language

LANG_PORTUGUESE

filetype

data

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x00015370

size

0x00000084

Communicates with host for which no DNS query was performed (1 event)

host

104.21.35.232

File has been identified by 25 AntiVirus engines on VirusTotal as malicious (25 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
Skyhigh	BehavesLike.Win32.Generic.lm
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.Vtbt
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
McAfee	RDN/Generic.dx
McAfeeD	ti!BBB81A7571C5
FireEye	Generic.mg.34563cc2fcd4e6e5
Sophos	Generic ML PUA (PUA)
Jiangmin	Trojan.Shelma.mqd
Webroot
Google	Detected
Antiy-AVL	Trojan/Win32.Agent
ViRobot	Trojan.Win.Z.Possiblethreat.77824.A
AhnLab-V3	Malware/Win.Generic.C5188365
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Khalesi
Malwarebytes	Generic.Malware/Suspicious
Ikarus	Trojan.SPY.Xegumumune
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
CrowdStrike	win/malicious_confidence_90% (D)

EvolutInjector.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All