Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 14, 2024, 10:38 a.m.	Oct. 14, 2024, 10:42 a.m.

Size	10.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4f4e640b100583635e7d7218bc03a047`
SHA256	`b68f20b21290f3398b67a6c4b645d5ea94aeaf8e3da4272554b0b8e03753d08c`
CRC32	`C7798DFB`
ssdeep	`98304:HgHLafrLC6zJzuOpqjksAFAcp4EwH1dEo5byjV:agtJ8jk+cu1O4u`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

.symtab

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00a61a04

size

0x0000034c

Bkav	W32.AIDetectMalware
Sangfor	Dropper.Win32.Agent.Vxg2
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of WinGo/TrojanDropper.Agent.EQ
Avast	Win32:Evo-gen [Trj]
Kaspersky	Trojan-PSW.Win32.Lumma.bvz
Alibaba	TrojanPSW:Win32/Lumma.ffb6c4f4
Rising	Dropper.Agent!1.10205 (CLASSIC)
F-Secure	Trojan.TR/Redcap.xmneh
McAfeeD	ti!B68F20B21290
Trapmine	malicious.moderate.ml.score
Sophos	Troj/Inject-JQY
Google	Detected
Avira	TR/Redcap.xmneh
Antiy-AVL	Trojan/Win32.Leonem
Kingsoft	Win32.HeurC.KVM007.a
Microsoft	Trojan:Win32/Leonem
ZoneAlarm	Trojan-PSW.Win32.Lumma.bvz
GData	Win32.Trojan.Agent.M1YM9U
McAfee	Artemis!4F4E640B1005
DeepInstinct	MALICIOUS
VBA32	Dropper.Wingo.Heur
Ikarus	Trojan-Dropper.WinGo.Agent
TrendMicro-HouseCall	TROJ_GEN.R002H01IT24
Tencent	Win32.Trojan-QQPass.QQRob.Eplw
Fortinet	W32/Agent.EQ!tr
AVG	Win32:Evo-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan[dropper]:Multi/Wacatac.B9nj

RmMai.exe