Summary | ZeroBOX

Renci.SshNet.dll

Antivirus UPX PE64 PE File DLL OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started Oct. 20, 2024, 9:08 a.m.
Completed Oct. 20, 2024, 9:30 a.m.
Size 6.5MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 2af177eb2897d2b4b7aaa29bf9438e9c
SHA256 2f0924a9b7f0b3bade72e880a5fe16a9c2e3fd1b76ba5d153e5b6d6db5ee0f48
CRC32 041E4B12
ssdeep 196608:9BtjHHTTyr8r0IrnfoHYqyIZeEGFoekBS7rMy:9BtjHHX7IeQGFoekBxy
PDB Path D:\Testes ayz\intz ayz\x64\Release\DirectX 9.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Testes ayz\intz ayz\x64\Release\DirectX 9.pdb
section .rdata (virtual_address 0x000a8000, virtual_size 0x0037741c, size_of_data 0x00377600) entropy 7.96469109614 description A section with a high entropy has been found
section .data (virtual_address 0x00420000, virtual_size 0x0025b058, size_of_data 0x00259a00) entropy 7.96991439565 description A section with a high entropy has been found
entropy 0.894092922015 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Donut.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Lazy
Skyhigh BehavesLike.Win64.Injector.vc
McAfee Artemis!2AF177EB2897
VIPRE Gen:Variant.Lazy.590617
Sangfor Trojan.Win64.Lazy.V4uc
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Gen:Variant.Lazy.590617
Arcabit Trojan.Lazy.D90319
Symantec Trojan.Gen.MBT
Elastic Windows.Trojan.Donutloader
Avast Win32:Donut-A [Inj]
ClamAV Win.Packed.Rozena-10029918-0
Kaspersky Trojan.Win64.Shellcode.asp
Alibaba Trojan:Win32/Donut.01824972
MicroWorld-eScan Gen:Variant.Lazy.590617
Rising Trojan.DonutLoader!1.E39F (CLASSIC)
Emsisoft Gen:Variant.Lazy.590617 (B)
McAfeeD ti!2F0924A9B7F0
Trapmine malicious.high.ml.score
CTX dll.trojan.lazy
Sophos Mal/Generic-S
FireEye Gen:Variant.Lazy.590617
Google Detected
Antiy-AVL Trojan/Win64.ShellCode
Kingsoft Win64.Trojan.Shellcode.asp
Gridinsoft Trojan.Win64.Packed.sa
Microsoft Trojan:Win64/DonutLdr.DB!MTB
GData Gen:Variant.Lazy.590617
Varist W64/ABTrojan.GSUG-6581
AhnLab-V3 Malware/Win.Generic.C5684478
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4214111599
Ikarus Trojan.Win32.Generic
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09JA24
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
AVG Win32:Donut-A [Inj]
Paloalto generic.ml