Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 2, 2024, 1:57 p.m.	Oct. 2, 2024, 1:58 p.m.

Size	323.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ad63629d1cc7a27553c9a52795b93d6d`
SHA256	`ad95d333d8a39a19dc61aa9925c98c99c913214f6a8615deb745ed4b2e53a085`
CRC32	`88163FE5`
ssdeep	`6144:PE+y5nV0uTRCZ34ntxGql3sQocUk/1TIAnIhjgyD9UEksK/D4xkl:PQ5n2mRIS8Qocj/15i8sK/D4Wl`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 1, 2024, 9:19 p.m.	stacktrace: exception.instruction_r: 81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75 exception.instruction: cmp dword ptr [esi], 0x64616f4c exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x2701cb registers.esp: 15792768 registers.edi: 1972089048 registers.eax: 1971847168 registers.ebp: 629 registers.edx: 1972086496 registers.ebx: 0 registers.esi: 1972174852 registers.ecx: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 1, 2024, 9:19 p.m.	process_identifier: 3036 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00270000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00026c00', u'virtual_address': u'0x0002a000', u'entropy': 7.972834601401124, u'name': u'.data', u'virtual_size': u'0x00027c6c'}

entropy

7.9728346014

description

A section with a high entropy has been found

entropy

0.480620155039

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Reline.i!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.fc
ALYac	Gen:Variant.Zusy.548225
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.548225
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005b56751 )
BitDefender	Gen:Variant.Zusy.548225
K7GW	Trojan ( 005b56751 )
Cybereason	malicious.d1cc7a
Arcabit	Trojan.Zusy.D85D81
VirIT	Trojan.Win32.Genus.VTM
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HXAL
APEX	Malicious
McAfee	Artemis!AD63629D1CC7
Avast	Win32:CrypterX-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.Win32.Reline.gen
Alibaba	TrojanPSW:Win32/Reline.cf38d4d5
NANO-Antivirus	Trojan.Win32.Steam.knaawa
MicroWorld-eScan	Gen:Variant.Zusy.548225
Rising	Trojan.ShellCodeRunner!1.FC2C (CLASSIC)
Emsisoft	Gen:Variant.Zusy.548225 (B)
F-Secure	Trojan.TR/AD.Stealc.fszhb
DrWeb	Trojan.PWS.Steam.37240
Zillya	Trojan.Kryptik.Win32.4790304
TrendMicro	Mal_HPGen-50
McAfeeD	ti!AD95D333D8A3
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.ad63629d1cc7a275
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Crypt
Jiangmin	Trojan.PSW.Reline.agk
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/AD.Stealc.fszhb
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Win32.Kryptik.hxal
Kingsoft	Win32.Trojan-PSW.Reline.gen
Gridinsoft	Malware.Win32.Stealc.tr
Xcitium	Malware@#2wn13ibxpvfkh
Microsoft	Trojan:Win32/Stealerc
ZoneAlarm	HEUR:Trojan-PSW.Win32.Reline.gen
GData	Gen:Variant.Zusy.548225
Varist	W32/Kryptik.MDQ.gen!Eldorado
AhnLab-V3	Trojan/Win.Hpgen.R648432
Acronis	suspicious

swizzz.exe