Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 23, 2024, 2:33 p.m.	Sept. 23, 2024, 2:36 p.m.

Size	21.4MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`cb3952f1852179348f8d2db91760d03b`
SHA256	`a9ea40670a686e175cc8c32e3fc6ba92505379303d6524f149022490a2dda181`
CRC32	`A6EA1C94`
ssdeep	`98304:Y/pLh1GGefzPX7NMW/uegYYFa5g1XkEN2shGZ5gzo/3KR:Yf1GPXpb/ue1Aa5g1NNDmv/3`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ftp_command - ftp command Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe anti_vm_detect - Possibly employs anti-virtualization techniques Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Cynet	Malicious (score: 99)
Skyhigh	Artemis
Sangfor	Trojan.Win32.Agent.Voh5
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of WinGo/TrojanDropper.Agent.EB
Avast	Win64:Malware-gen
Rising	Trojan.Agent!1.F9CC (CLASSIC)
F-Secure	Trojan.TR/AVI.Agent.ssozt
TrendMicro	TrojanSpy.Win64.LUMMASTEALER.YXEIUZ
McAfeeD	ti!A9EA40670A68
CTX	exe.trojan.generic
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Google	Detected
Avira	TR/AVI.Agent.ssozt
Gridinsoft	Spy.Win64.Gen.tr
Microsoft	Trojan:Win32/Caynamer.A!ml
GData	Win64.Trojan.Agent.F2BDOY
Varist	W64/Agent.IKW.gen!Eldorado
AhnLab-V3	Trojan/Win.Malware-gen.C5673033
McAfee	Artemis!CB3952F18521
DeepInstinct	MALICIOUS
Ikarus	Trojan.WinGo.Agent
TrendMicro-HouseCall	TrojanSpy.Win64.LUMMASTEALER.YXEIUZ
Tencent	Msil.Trojan.Agent.Lflw
huorong	HEUR:Trojan/Injector.av
AVG	Win64:Malware-gen
Paloalto	generic.ml

easyfirewall.exe