Summary | ZeroBOX

11wY50spoofer.exe

VMProtect, Malicious Library, Downloader, PE64, PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 21, 2024, 5:03 p.m.
Completed Oct. 21, 2024, 5:16 p.m.
Size 5.5MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 366820e26797d49013c1d0e21beb26cb
SHA256 d999ddc0a194cb124ac84861e3ecc0e746c9a13f90f6a4d003918e3bae891539
CRC32 D7474D46
ssdeep 98304:FWnZpfpcx+qB+zA6PZTdeLd4fVdQBuegPjiOZRRliOJrJRT:EnZpfuSXPZTdKcBPew7iOJ3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (size_of_data 0x00585a00, virtual_address 0x003ff000, virtual_size 0x00585850) entropy 7.907729413933411 description A section with a high entropy has been found
entropy 0.999823180974 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.VMProtect.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Downloader.tc
ALYac Trojan.GenericKD.74195679
Cylance Unsafe
VIPRE Trojan.GenericKD.74195679
Sangfor Ransom.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Trojan.GenericKD.74195679
K7GW Trojan ( 0058cdab1 )
K7AntiVirus Trojan ( 0058cdab1 )
Arcabit Trojan.Generic.D46C22DF
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.L suspicious
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Packed:Win64/VMProtect.6072c786
MicroWorld-eScan Trojan.GenericKD.74195679
Emsisoft Trojan.GenericKD.74195679 (B)
F-Secure Heuristic.HEUR/AGEN.1315472
Zillya Trojan.VMProtect.Win64.20071
McAfeeD Real Protect-LS!366820E26797
Trapmine malicious.moderate.ml.score
CTX exe.trojan.vmprotect
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.366820e26797d490
Google Detected
Avira HEUR/AGEN.1315472
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.74195679
Varist W64/Trojan.IGM.gen!Eldorado
McAfee Artemis!366820E26797
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2298758339
Ikarus PUA.VMProtect
TrendMicro-HouseCall TROJ_GEN.R002H0CIS24
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W64/CoinMiner.FS!tr
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud VirTool:Win/Wacapew.C9nj