Summary | ZeroBOX

cod19-danban12.vmp.exe

Malicious Packer VMProtect Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 27, 2024, 1:33 p.m.
Completed Sept. 27, 2024, 1:45 p.m.
Size 6.6MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 6b1daab5a1d25a65a3ff7a6b753468fd
SHA256 be493fddd2bc9bc6d4e186f4698db3022b811baa47f6552bf6cec03e472069e3
CRC32 DD84D2E4
ssdeep 196608:lAuRXHdU8e2+LAlqMU1m9HxwDVf2KVYSCZROiEFikVQ:lT3dU8e2+Y9HxC1CZROBYki
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (size_of_data: 0x0068e400, virtual_address: 0x005f4000, virtual_size: 0x0068e308) entropy 7.93298016214 description A section with a high entropy has been found
entropy 0.999851057492 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.vc
Cylance Unsafe
CrowdStrike win/malicious_confidence_70% (D)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
F-Secure Heuristic.HEUR/AGEN.1366422
McAfeeD Real Protect-LS!6B1DAAB5A1D2
Trapmine malicious.high.ml.score
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.6b1daab5a1d25a65
Google Detected
Avira HEUR/AGEN.1366422
Microsoft PUA:Win32/Caypnamer.A!ml
Varist W64/VMProtBad.R.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R663373
McAfee Artemis!6B1DAAB5A1D2
DeepInstinct MALICIOUS
Ikarus PUA.VMProtect