Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 20, 2024, 9:07 a.m.	Oct. 20, 2024, 9:19 a.m.

Size	242.5KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`2a516c444620354c81fd32ef1b498d1b`
SHA256	`ee68d7deb7cefdfca66c078d6036d7aa3aa7afcc62b282999034b4a1faed890d`
CRC32	`CC861EBF`
ssdeep	`6144:ZiF3dWaGNQzmzbgONa3sbMMnl6ysB8X7+AAAAAAAAc8:gFdWaGNGGLUWl6JB+A`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

donut.exe "C:\Users\test22\AppData\Local\Temp\donut.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Donut.4!c
Cynet	Malicious (score: 99)
Skyhigh	RDN/Generic.grp
ALYac	Generic.ShellCode.Donut.Marte.4.FBD50004
Cylance	Unsafe
VIPRE	Generic.ShellCode.Donut.Marte.4.FBD50004
Sangfor	Trojan.Win64.Donut.Vcgt
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.ShellCode.Donut.Marte.4.FBD50004
K7GW	Riskware ( 00584baa1 )
K7AntiVirus	Riskware ( 00584baa1 )
Arcabit	Generic.ShellCode.Donut.Marte.4.FBD50004
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.Donutloader
APEX	Malicious
Avast	Win32:Donut-A [Inj]
ClamAV	Win.Packed.Rozena-10029918-0
Kaspersky	Trojan.Win64.Donut.ury
Alibaba	Trojan:Win64/Donut.41861a6e
NANO-Antivirus	Trojan.Win64.Redcap.jvkudz
SUPERAntiSpyware	Trojan.Agent/Gen-ShellcodeDonut
MicroWorld-eScan	Generic.ShellCode.Donut.Marte.4.FBD50004
Rising	Trojan.DonutLoader!1.E39F (CLASSIC)
Emsisoft	Generic.ShellCode.Donut.Marte.4.FBD50004 (B)
F-Secure	Heuristic.HEUR/AGEN.1374428
Zillya	Trojan.Donut.Win64.2364
TrendMicro	TROJ_GEN.R002C0XER23
McAfeeD	ti!EE68D7DEB7CE
CTX	exe.trojan.donut
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
FireEye	Generic.ShellCode.Donut.Marte.4.FBD50004
Jiangmin	Trojan.Donut.coe
Webroot	W64.Trojan.Donut
Google	Detected
Avira	HEUR/AGEN.1374428
Antiy-AVL	Trojan/Win64.Generic
Kingsoft	Win64.Trojan.Donut.ury
Gridinsoft	Trojan.Win64.AI.cl
Xcitium	Malware@#cay5l43advb0
Microsoft	Trojan:Win64/Donut.psyA!MTB
ZoneAlarm	Trojan.Win64.Donut.ury
GData	Generic.ShellCode.Donut.Marte.4.FBD50004
Varist	W64/ABTrojan.PRDT-7975
AhnLab-V3	Trojan/Win.Donut.R566854
McAfee	RDN/Generic.grp
DeepInstinct	MALICIOUS
VBA32	Trojan.Win64.Donut
Malwarebytes	Generic.Malware.AI.DDS

donut.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All