Summary | ZeroBOX

公益传奇.exe (the page shows the name URL-encoded as %E5%85%AC%E7%9B%8A%E4%BC%A0%E5%A5%87.exe; 公益传奇 is literally "public-welfare Legend", a name commonly used for free clients of Chinese 传奇-style (Legend of Mir) game private servers)

Tags: Malicious Library, UPX, Malicious Packer, MZP Format, PE File, dll, PE32, DllRegisterServer
Category  Machine           Started                    Completed
FILE      s1_win7_x6403_us  Sept. 22, 2024, 5:22 p.m.  Sept. 22, 2024, 5:55 p.m.
Size 5.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 27f9ee956e01f9e39de89aa138e26c8b
SHA256 a2987bc0cc4061ecb6be4ca1a1fe9055ca449a3c03e885229dfac0a471327b03
CRC32 B0F22A09
ssdeep 98304:Yrbc0dxOfbCIYflBduQn8LjGQrOsnVLMwbnRu14:YrbcQWb8flBdm26pnVLln/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name / Response / Post-Analysis Lookup
No hosts contacted: no domain names were resolved during the run.

IP Address     Status  Action
164.124.101.2  Active  Moloch
85.159.66.93   Active  Moloch

164.124.101.2 is a South Korean public DNS resolver (LG U+) and is in all likelihood the sandbox's own resolver rather than attacker infrastructure. 85.159.66.93 was reached directly by address with no preceding DNS lookup and is the only address here worth pivoting on; it produced no Suricata alert and no TLS record.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

PE sections of note: .detour, .enigma1, .enigma2
packer (byte-signature match): PECompact 2.xx --> BitSum Technologies
resource names: BASS, D3DX9_43, IMESKIN, LIBEAY32, PNG, SNAPPY32, SOUNDLST, SSLEAY32, UIPKG

Caveat on the packer identification: three results disagree. The Yara rule UPX_Zero says UPX, the byte signature says PECompact 2.x, and the section names .enigma1/.enigma2 are the ones Enigma Protector writes into the files it protects. The section names are the most direct evidence of the outer layer; the other two matches may be stale signature hits or inner layers (ESET's Packed.MultiPacked verdict below points the same way), so no single packer label from this report should be trusted on its own.

The resource names match well-known DLLs: LIBEAY32 and SSLEAY32 are the OpenSSL 1.0.x library names, D3DX9_43 is the DirectX 9 D3DX helper, BASS is the un4seen audio library and SNAPPY32 a Snappy compression build. Storing them as named resources suggests the program drops its own dependency DLLs at runtime; together with IMESKIN, SOUNDLST and UIPKG this is the footprint of a game client or launcher, consistent with the file name.
Resources (all entries: language LANG_CHINESE, sublanguage SUBLANG_CHINESE_SIMPLIFIED). The offset column is the resource entry's OffsetToData, an RVA rather than a file offset, which is why several values exceed the 5.0 MB file size; a filetype of "empty" means libmagic recognised no type, as expected for compressed or encrypted blobs, or for data that is not present in the file at that position.

Name           Filetype  Offset      Size
BASS           data      0x001df000  0x00016a38
D3DX9_43       data      0x001f5a38  0x001e7d58
IMESKIN        empty     0x003dd790  0x000219c9
LIBEAY32       empty     0x003ff160  0x0014f3b8
PNG            empty     0x00559b00  0x00000560   (this identical entry is listed 25 times in the report)
SNAPPY32       empty     0x0055a060  0x00017800
SOUNDLST       empty     0x00571860  0x0000881e
SSLEAY32       empty     0x0057a080  0x000537b8
UIPKG          empty     0x005cd838  0x0002a000
RT_ICON        (see below) 0x006474a8  0x000002e8
RT_GROUP_ICON  data      0x00647790  0x00000014

RT_ICON filetype as reported by libmagic: "dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318064, next used block 2005370999". This is a misidentification of a 0x2e8-byte icon bitmap, not a database file.
Section entropy (bits per byte, 0 to 8):
  .text     virtual_address 0x00001000  virtual_size 0x00644000  size_of_data 0x002bca00  entropy 7.99993  A section with a high entropy has been found
  .enigma1  virtual_address 0x0064a000  virtual_size 0x00001000  size_of_data 0x00147000  entropy 7.95985  A section with a high entropy has been found
Overall entropy 0.93187  Overall entropy of this PE file is high

The file-level figure is on a different scale from the section figures: it is not a Shannon value but the share of section bytes that sit in the flagged sections. 0x2bca00 + 0x147000 = 0x403a00 bytes are flagged, and 0x403a00 / 0.93187 is about 0x44ec00 bytes of section data in total, so roughly 93% of the mapped image is compressed or encrypted. A .text entropy of 7.9999 is at the theoretical maximum, and its virtual_size (0x644000) far exceeding its raw size (0x2bca00) is consistent with a protector that stores the compressed original image in .text and expands it in place at load time; .enigma1 carrying 0x147000 bytes of raw data against a declared virtual_size of 0x1000 is a further sign that the section table does not describe an ordinary compiled image.
host 85.159.66.93 (network signature: a direct connection to this address; see the IP table above)
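The following is an added example, not ZeroBOX or Cuckoo code, showing how the section-entropy and "overall entropy" figures above are derived and why section names are the strongest packer evidence on this sample. It parses the PE section table with nothing but the standard library, computes Shannon entropy per section, flags sections above a threshold and reports the file-level ratio of flagged bytes. The thresholds (6.8 bits per section, 0.2 for the ratio) are assumed from Cuckoo's packer_entropy signature, the section-name table is a small hand-picked list rather than a signature database, and build_sample_pe() constructs a minimal two-section PE32 image for offline use in place of the real sample.

```python
"""Reproduce a Cuckoo-style packer-entropy check for a PE file.

Added example; not ZeroBOX/Cuckoo code. Thresholds and the section-name
table are assumptions, see the comments below.
"""
import math
import struct

# Assumed thresholds (taken from Cuckoo's packer_entropy signature).
SECTION_ENTROPY_THRESHOLD = 6.8
FILE_RATIO_THRESHOLD = 0.2

# Section names characteristic of particular packers. Illustrative subset only.
PACKER_SECTION_NAMES = {
    ".enigma1": "Enigma Protector",
    ".enigma2": "Enigma Protector",
    "UPX0": "UPX",
    "UPX1": "UPX",
    "pec1": "PECompact",
    "PEC2": "PECompact",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk the PE section table and return one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        data = pe[rawptr:rawptr + rawsize]    # entropy is computed over raw file bytes
        sections.append({
            "name": name,
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(data),
            "packer_hint": PACKER_SECTION_NAMES.get(name),
        })
    return sections


def packer_entropy_report(pe: bytes) -> dict:
    """Flag high-entropy sections and compute the file-level 'overall entropy':
    the share of section bytes inside flagged sections (a ratio, not bits)."""
    sections = parse_sections(pe)
    flagged = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in sections)
    ratio = sum(s["size_of_data"] for s in flagged) / total if total else 0.0
    return {
        "sections": sections,
        "high_entropy_sections": [s["name"] for s in flagged],
        "overall_ratio": ratio,
        "file_flagged": ratio > FILE_RATIO_THRESHOLD,
        "packer_hints": sorted({s["packer_hint"] for s in sections if s["packer_hint"]}),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers + two sections), not the report's
    sample and not executable: one uniformly distributed section (8.0 bits) and
    one all-zero section (0.0 bits) named like an Enigma Protector section."""
    sec_data = [
        (b".text", bytes(range(256)) * 16),   # every byte value 16 times -> 8.0 bits
        (b".enigma1", b"\x00" * 4096),         # constant bytes -> 0.0 bits
    ]
    size_opt = 0xE0                                   # PE32 optional header size
    table = 0x40 + 4 + 20 + size_opt
    raw_ptr = (table + 40 * len(sec_data) + 0x1FF) & ~0x1FF   # 512-byte file alignment
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))   # e_lfanew = 0x40
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sec_data), 0, 0, 0, size_opt, 0x102)
    hdr += struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)   # PE32 magic, rest zeroed
    body, vaddr = b"", 0x1000
    for name, data in sec_data:
        hdr += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                           len(data), raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
        vaddr += 0x1000
    hdr += b"\0" * (raw_ptr - len(hdr))
    return bytes(hdr) + body


if __name__ == "__main__":
    rep = packer_entropy_report(build_sample_pe())
    for s in rep["sections"]:
        print(f"{s['name']:<9} raw=0x{s['size_of_data']:08x} "
              f"entropy={s['entropy']:.4f} packer={s['packer_hint'] or '-'}")
    print("overall ratio:", round(rep["overall_ratio"], 4), "flagged:", rep["file_flagged"])
```

To run it against a real file, replace build_sample_pe() with open(path, "rb").read(); on the report's sample the ratio comes out at the 0.93 shown above because .text and .enigma1 together hold most of the raw section data. The ratio says how much of the image is opaque, not which packer produced it; that is why the code keeps the section-name hint separate from the entropy verdict.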
Vendor  Detection
Bkav W32.AIDetectMalware
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.HLLP.tc
ALYac Gen:Trojan.Heur.GM.0400070800
Cylance Unsafe
VIPRE Gen:Trojan.Heur.GM.0400070800
Sangfor Trojan.Win32.Agent.Ak5j
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Gen:Trojan.Heur.GM.0400070800
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
Arcabit Trojan.Heur.GM.D17D89890
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.MultiPacked.BO
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
ClamAV Win.Malware.Trojanx-9949158-0
MicroWorld-eScan Gen:Trojan.Heur.GM.0400070800
Rising Backdoor.Poison!8.2D7 (TFE:1:p3IKYqeDVWH)
Emsisoft Gen:Trojan.Heur.GM.0400070800 (B)
F-Secure Trojan.TR/Crypt.PEPM.Gen
DrWeb Trojan.DownLoader44.47801
Zillya Trojan.MultiPacked.Win32.4924
McAfeeD ti!A2987BC0CC40
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Sophos Mal/EncPk-AQN
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.27f9ee956e01f9e3
Google Detected
Avira TR/Crypt.PEPM.Gen
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft Win32.HeurC.KVMH008.a
Gridinsoft Ransom.Win32.Sabsik.oa!s1
Microsoft Backdoor:Win32/Bladabindi!ml
GData Gen:Trojan.Heur.GM.0400070800
AhnLab-V3 Trojan/Win.Heur.C5432875
McAfee GenericRXVS-XQ!27F9EE956E01
DeepInstinct MALICIOUS
VBA32 TScope.Malware-Cryptor.SB
Malwarebytes Generic.Malware.AI.DDS
Ikarus Trojan.Dropper
Tencent Malware.Win32.Gencirc.10c03fb4
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:TrojanX-gen [Trj]

Most of the detections above are generic heuristic, packer or machine-learning verdicts (Heur.GM, Packed.MultiPacked, Crypt.PEPM, TrojanX-gen, EncPk, ML/AI scores), and the few family names that do appear disagree with each other (Backdoor.Poison, Bladabindi, DownLoader44, Sabsik, Dropper). The list supports "heavily packed and widely flagged" but not a specific family attribution.