Summary | ZeroBOX

8_Ball_Pool_Cheto.exe

UPX OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 3, 2024, 9:02 a.m.
Completed Sept. 3, 2024, 9:14 a.m.
Size 901.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b5ca92538a485317ce5c4dff6c5fd08f
SHA256 0aff775071bc938ee44ac07e20e4cabddd5235edb34a437c4d7006a8dab91a5e
CRC32 E503DB0E
ssdeep 24576:pEfEYaq13X2vhSMXlohmx+wQtaQUUlq/a:pEt3m30lqy
PDB Path E:\Projects\8 Ball Pool\Release\8 Ball Pool.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path E:\Projects\8 Ball Pool\Release\8 Ball Pool.pdb
section .rdata virtual_address 0x0004d000 virtual_size 0x000260fa size_of_data 0x00026200 entropy 6.934124142325237 description A section with a high entropy has been found
section .data virtual_address 0x00074000 virtual_size 0x00013a50 size_of_data 0x00012800 entropy 7.022291110699508 description A section with a high entropy has been found
entropy 0.251666666667 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Fragtor.4!c
Elastic malicious (moderate confidence)
Skyhigh BehavesLike.Win32.Generic.dh
ALYac Trojan.Agent.FYMP
Cylance Unsafe
VIPRE Trojan.Agent.FYMP
Sangfor Trojan.Win32.Fragtor.Viff
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.Agent.FYMP
K7GW Riskware ( 00584baa1 )
Cybereason malicious.38a485
Arcabit Trojan.Agent.FYMP
Symantec ML.Attribute.HighConfidence
APEX Malicious
McAfee RDN/Generic.tfr
Avast Win32:MalwareX-gen [Trj]
Alibaba Trojan:Win32/MalwareX.f6a2f804
SUPERAntiSpyware Trojan.Agent/Gen-FYMP
MicroWorld-eScan Trojan.Agent.FYMP
Rising Trojan.Fragtor!8.13132 (CLOUD)
Emsisoft Trojan.Agent.FYMP (B)
TrendMicro TROJ_GEN.R002C0DI224
McAfeeD ti!0AFF775071BC
FireEye Trojan.Agent.FYMP
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Webroot W32.Malware.Gen
Google Detected
MAX malware (ai score=100)
Antiy-AVL GrayWare/Win32.Wacapew.c
Gridinsoft Ransom.Win32.Wacatac.sa
Microsoft Trojan:Win32/Fragtor!mclg
ViRobot Trojan.Win32.Z.Agent.922624.M
GData Trojan.Agent.FYMP
Varist W32/ABTrojan.YPMJ-7877
AhnLab-V3 Trojan/Win.Generic.R502664
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Agent
Malwarebytes Generic.Malware.AI.DDS
Ikarus Win32.Outbreak
Panda Trj/Chgt.AD
MaxSecure Trojan.Malware.184490620.susgen
Fortinet W32/Barys.372368!tr
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:Win/Fragtor.Gen