Summary | ZeroBOX

AQ2.exe

UPX PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 30, 2024, 11:26 a.m. Sept. 30, 2024, 11:35 a.m.
Size 680.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f5982c5d15d53a2fb2aaf0f473742082
SHA256 9591e05c394b7c0044c08bb5eb6500fcfceb109bf5b52ba212b3ed17d25b4108
CRC32 BB7B13AF
ssdeep 12288:LoHv5MRHcZHo17/qfRh0jEe/Fo+V04YJAGuuGVxR9uuvzH/1PEc3noS:c8cduORh0jEe/lu4AABZJH
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section L_bGCl
section L_6mU1
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x002cc05c size 0x00000240
section L_6mU1 size_of_data 0x000a9400 virtual_address 0x00222000 virtual_size 0x000aa000 entropy 7.99945097337 description A section with a high entropy has been found
entropy 0.9970544919 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.jc
ALYac Gen:Variant.Barys.465305
Cylance Unsafe
VIPRE Gen:Variant.Barys.465305
Sangfor Trojan.Win32.Agent.Vzrg
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Gen:Variant.Barys.465305
Arcabit Trojan.Barys.D71999
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.BlackMoon.A suspicious
APEX Malicious
Avast TrojanX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Agent.gen
MicroWorld-eScan Gen:Variant.Barys.465305
Rising Trojan.MalCert!1.BD30 (CLOUD)
Emsisoft Application.Generic (A)
McAfeeD Real Protect-LS!F5982C5D15D5
Trapmine malicious.high.ml.score
CTX exe.unknown.barys
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.f5982c5d15d53a2f
Google Detected
Antiy-AVL Trojan/Win32.Blamon.a
Kingsoft malware.kb.b.891
Gridinsoft Trojan.Heur!.03212061
Xcitium Packed.Win32.MUPX.Gen@24tbus
Microsoft Trojan:Win32/Wacatac.A!ml
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
GData Gen:Variant.Barys.465305
Varist W32/Trojan.GRW.gen!Eldorado
McAfee Artemis!F5982C5D15D5
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Blamon
Malwarebytes PUP.Optional.ChinAd
Ikarus PUA.BlackMoon
Tencent Win32.Trojan.Agent.Fkjl
MaxSecure Dropper.Dinwod.frindll
Fortinet W32/CoinMiner.ESFJ!tr
AVG TrojanX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/Wacapew.C9nj