Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 28, 2024, 11:07 a.m.	Oct. 28, 2024, 11:10 a.m.

Size	134.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d416cd21f681904f47906b6bf0fcdfd7`
SHA256	`f2bf5cd5d00f412f1e7d4bbfdc6a9693da0c0531a189c22522f2c7d5eda8d075`
CRC32	`524D5959`
ssdeep	`3072:FdilPMz3so1EflDYOw2sfMPRy4ywZmG2TAWR:bitM0YOLsG4RwZrpW`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

nova.exe "C:\Users\test22\AppData\Local\Temp\nova.exe"
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 28, 2024, 11:07 a.m.			0	0

A process attempted to delay the analysis task. (1 event)

description

nova.exe tried to sleep 218 seconds, actually delayed analysis time by 218 seconds

Installs itself for autorun at Windows startup (2 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemHandler				reg_value	C:\Users\test22\AppData\Local\Temp\nova.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemHandler				reg_value	C:\Users\test22\AppData\Local\Microsoft\svcapp.exe

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.Common.A6F7687F
Lionic	Trojan.Win32.ClipBanker.Z!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.ClipBanker
Skyhigh	BehavesLike.Win32.Generic.ch
ALYac	Gen:Variant.Doina.82314
Cylance	Unsafe
VIPRE	Gen:Variant.Doina.82314
Sangfor	Trojan.Win32.Agent.Vr5z
BitDefender	Gen:Variant.Doina.82314
K7GW	Trojan ( 005bc3ed1 )
K7AntiVirus	Trojan ( 005bc3ed1 )
Arcabit	Trojan.Doina.D1418A
VirIT	Trojan.Win32.Genus.WTT
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/ClipBanker.TM
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	TrojanBanker:Win32/ClipBanker.18089f7d
NANO-Antivirus	Trojan.Win32.ClipBanker.kszubq
MicroWorld-eScan	Gen:Variant.Doina.82314
Rising	Trojan.Kryptik@AI.80 (RDML:2PJ3/z5V+j1pTub1aXY0bg)
Emsisoft	Gen:Variant.Doina.82314 (B)
F-Secure	Heuristic.HEUR/AGEN.1374927
TrendMicro	Trojan.Win32.AMADEY.YXEJWZ
McAfeeD	Real Protect-LS!D416CD21F681
Trapmine	malicious.high.ml.score
CTX	exe.trojan.clipbanker
Sophos	Mal/Generic-S
FireEye	Generic.mg.d416cd21f681904f
Webroot	W32.AMADEY.YXEJWZ
Google	Detected
Avira	HEUR/AGEN.1374927
Antiy-AVL	Trojan[Banker]/Win32.ClipBanker
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Ransom.Win32.Banker.sa
Xcitium	Malware@#3rd2s8ojqk8zq
Microsoft	VirTool:Win32/Obfuscator
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Doina.82314
Varist	W32/S-c79edac8!Eldorado
AhnLab-V3	Win-Trojan/Gandcrab08.Exp
McAfee	Artemis!D416CD21F681
DeepInstinct	MALICIOUS
VBA32	BScope.TrojanBanker.ClipBanker
Malwarebytes	Trojan.ClipBanker
Ikarus	Trojan.Win32.Clipbanker
Panda	Trj/Chgt.AD

nova.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All