Summary | ZeroBOX

WenzCord.exe

.NET framework(MSIL) Malicious Library UPX PE File OS Processor Check PE32 .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started Oct. 17, 2024, 2:39 p.m.
Completed Oct. 17, 2024, 2:39 p.m.
Size 3.1MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f21aa436096afece0b8c39c36bf4a9ab
SHA256 43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10
CRC32 D66CAF09
ssdeep 49152:pvrI22SsaNYfdPBldt698dBcjHKO06CBxDPoGd9THHB72eh2NT:pvU22SsaNYfdPBldt6+dBcjH06O
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A section with a high entropy has been found
section .rsrc
entropy 7.86610930469309
virtual_address 0x00320000
virtual_size 0x000066f4
size_of_data 0x00006800
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Quasar.4!c
Elastic Windows.Generic.Threat
CAT-QuickHeal Trojan.Generic.TRFH927
Skyhigh BehavesLike.Win32.Generic.wh
ALYac Generic.MSIL.PasswordStealerA.13313DBC
Cylance Unsafe
VIPRE Generic.MSIL.PasswordStealerA.13313DBC
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005b1c021 )
BitDefender Generic.MSIL.PasswordStealerA.13313DBC
K7GW Trojan ( 005b1c021 )
Cybereason malicious.6096af
Arcabit Generic.MSIL.PasswordStealerA.D3401DBC
VirIT Trojan.Win32.MSIL_Heur.B
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Agent.CLQ
APEX Malicious
McAfee GenericRXLX-DS!F21AA436096A
Avast MSIL:Quasar-A [Rat]
ClamAV Win.Malware.Generic-9883083-0
Kaspersky HEUR:Trojan.MSIL.Quasar.gen
Alibaba Backdoor:MSIL/Quasar.82785c5b
NANO-Antivirus Trojan.Win32.Quasar.kpejwz
MicroWorld-eScan Generic.MSIL.PasswordStealerA.13313DBC
Rising Backdoor.Quasar!1.E5F1 (CLASSIC)
Emsisoft Generic.MSIL.PasswordStealerA.13313DBC (B)
F-Secure Heuristic.HEUR/AGEN.1305743
DrWeb BackDoor.QuasarNET.3
TrendMicro Backdoor.Win32.QUASARRAT.YXEGAZ
McAfeeD ti!43E79AB56CD5
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.f21aa436096afece
Sophos Troj/Quasar-AF
Ikarus Trojan-Spy.Agent
Jiangmin TrojanSpy.MSIL.cak
Webroot W32.Trojan.MSIL.Quasar
Google Detected
Avira HEUR/AGEN.1305743
MAX malware (ai score=87)
Antiy-AVL Trojan/MSIL.Quasar
Kingsoft MSIL.Trojan.Quasar.gen
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Malware@#21z60so20dh5v
Microsoft Backdoor:MSIL/Quasar!atmn
ZoneAlarm HEUR:Trojan.MSIL.Quasar.gen
GData MSIL.Backdoor.Quasar.A
Varist W32/MSIL_Troj.BTX.gen!Eldorado
AhnLab-V3 Backdoor/Win32.QuasarRAT.R341693
BitDefenderTheta Gen:NN.ZemsilF.36808.ip0@aSsXs!l