Summary | ZeroBOX

ScanPort.exe

PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 30, 2024, 9:27 a.m. Sept. 30, 2024, 9:31 a.m.
Size 46.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 36c6f6fee875b519a81284fafb3e41b1
SHA256 6f83e3f9c38108dbea18ae72954c4157520eb105ead4182f4c863574cce824e1
CRC32 61AB971B
ssdeep 768:7rgEBSg0ylb/G1qm5S6LeWnENCz5/Gio2+ebavyUnA:7rOg5lbGkm5VL1ENwZVo2+dy+A
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
section BAO0
section BAO1
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001a9e8 size 0x00000468
name RT_DIALOG language LANG_CHINESE filetype empty sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0000c5e0 size 0x00000116
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001ae54 size 0x00000076
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001aed0 size 0x000002b0
section name BAO1 virtual_address 0x00010000 virtual_size 0x00005000 size_of_data 0x00005000 entropy 7.831299958042609 description A section with a high entropy has been found
entropy 0.444444444444 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.PortScan.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Mauvaise.SL1
Skyhigh BehavesLike.Win32.Generic.ph
ALYac Misc.HackTool.Portscan
Cylance Unsafe
K7AntiVirus Unwanted-Program ( 004d38111 )
K7GW Unwanted-Program ( 004d38111 )
VirIT Trojan.Win32.Agent.GIQ
Symantec Trojan Horse
ESET-NOD32 Win32/NetTool.Portscan.NAD potentially unsafe
APEX Malicious
Avast Win32:MiscX-gen [PUP]
ClamAV Win.Trojan.Agent-5908965-0
NANO-Antivirus Trojan.Win32.ULPM.cwxutv
SUPERAntiSpyware Hack.Tool/Gen-PortScan
Rising Malware.Heuristic!ET#85% (C64:YzY0OtXPyrjUuyo6)
F-Secure PrivacyRisk.SPR/PortScan.A
DrWeb Tool.PortScan.36
Zillya Downloader.Genome.Win32.65663
TrendMicro HKTL_PORTSCAN
McAfeeD ti!6F83E3F9C381
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.36c6f6fee875b519
Sophos Generic ML PUA (PUA)
Jiangmin Exploit.Multi.az
Webroot W32.Malware.Gen
Google Detected
Avira SPR/PortScan.A
Antiy-AVL RiskWare[NetTool]/Win32.Portscan
Kingsoft Win32.Troj.Generic.jm
Gridinsoft PUP.Win32.Gen.vb!s2
Microsoft PUA:Win32/Presenoker
Varist W32/Risk.ZSAG-4843
AhnLab-V3 HackTool/Win.Portscan.C5279418
McAfee GenericRXAA-AA!36C6F6FEE875
DeepInstinct MALICIOUS
VBA32 BScope.Exploit.CVE-2020-0601
Malwarebytes HackTool.PortScanner
Panda Generic Malware
TrendMicro-HouseCall HKTL_PORTSCAN
Yandex Trojan.GenAsa!Qdr4RuYleEs
huorong HackTool/PortScan
MaxSecure Trojan.Malware.1380297.susgen
Fortinet Riskware/Generic_PUA_KA
AVG Win32:MiscX-gen [PUP]
Paloalto generic.ml
CrowdStrike win/grayware_confidence_100% (W)