Summary | ZeroBOX

Setup Ms P-1A.EXE

Tags: Emotet, Gen1, Malicious Library, UPX, PE64, PE File, CAB
Category FILE
Machine s1_win7_x6403_us
Started Nov. 8, 2024, 4:55 p.m.
Completed Nov. 8, 2024, 5:06 p.m.
Size 188.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a49ec3d87bfccda0f6bbd0370fcb6278
SHA256 03ebf441dc8565f21b0907244805d92ca5edb421e384c31abf929e933a4f408f
CRC32 900F72F9
ssdeep 3072:pvGygixsiq1mO5GWp1icKAArDZz4N9GhbkrNEkbD6HDdOaRuq:Lv2p0yN90QEG6jdOaR/
PDB Path wextract.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavior (hooked API calls)

Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0
Signatures

pdb_path wextract.pdb (the PDB name of Microsoft's wextract.exe, the IExpress self-extracting stub; together with the CAB_file_format Yara match, the SentinelOne "Suspicious SFX" verdict and the BAT/Agent labels in the antivirus results, this indicates an SFX package carrying a batch script; the Emotet Yara matches come from generic "Gen" rules, so the family tag in the summary is weakly supported)
resource name AVI
section .rsrc: virtual_address 0x0000f000, virtual_size 0x00025000, size_of_data 0x00024c00, entropy 7.32 bits per byte; description: A section with a high entropy has been found
entropy 0.784; description: Overall entropy of this PE file is high. This figure is not a Shannon entropy but the size-weighted share of section bytes that lie in high-entropy sections: .rsrc alone is 0x24c00 = 150528 bytes, and 150528 / 192000 = 0.784, where 192000 bytes is the 188.5 KB file minus 1024 bytes of headers.
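The two entropy signatures above are a cheap static packing heuristic, and it is worth being able to reproduce them outside the sandbox. The following stdlib-only Python is an added example, not code from the ZeroBOX report or its signature set: it walks the COFF section table of a PE file, computes per-section Shannon entropy, and reports the size-weighted fraction of section bytes in high-entropy sections. The thresholds (6.8 bits per section, 0.2 overall) are those used by Cuckoo-style packer_entropy signatures and are assumed to be what ZeroBOX applies. The PE it analyses is built in-process by build_fake_pe() from constructed data (small code and data sections plus a large random .rsrc, the shape of an SFX stub carrying a compressed payload); report_fraction() reproduces the report's 0.784 under the stated assumption about the sizes of the other sections.

```python
# Static entropy triage for a PE file (stdlib only, runs offline on constructed data).
import hashlib
import math
import struct

# Cuckoo-style packer_entropy thresholds; assumed to match ZeroBOX, not read from the report.
HIGH_ENTROPY_BITS = 6.8   # a section above this is treated as compressed/encrypted
PACKED_FRACTION = 0.2     # share of section bytes above the threshold that fires the overall signature


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the COFF section table; return one dict per section with its raw-data entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        if len(raw) != raw_size:                          # truncated file or lying header
            raise ValueError("section %r points past end of file" % name)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def high_entropy_fraction(sections) -> float:
    """Size-weighted share (0..1) of section bytes in sections above HIGH_ENTROPY_BITS."""
    total = sum(s["size_of_data"] for s in sections)
    packed = sum(s["size_of_data"] for s in sections if s["entropy"] > HIGH_ENTROPY_BITS)
    return packed / total if total else 0.0


def triage(pe: bytes) -> dict:
    """Both signatures at once: which sections are hot, and whether the file as a whole is."""
    sections = parse_sections(pe)
    fraction = high_entropy_fraction(sections)
    return {"sections": sections,
            "high_entropy_sections": [s["name"] for s in sections if s["entropy"] > HIGH_ENTROPY_BITS],
            "packed_fraction": fraction,
            "overall_high": fraction > PACKED_FRACTION}


def report_fraction() -> float:
    """Reproduce the report's 0.784. Assumption (not from the report): the other sections
    total 192000 - 0x24c00 bytes (188.5 KB minus 1 KB headers) and sit below the threshold."""
    sections = [{"size_of_data": 0x24C00, "entropy": 7.32},            # .rsrc, from the report
                {"size_of_data": 192000 - 0x24C00, "entropy": 5.0}]    # assumed remainder
    return high_entropy_fraction(sections)


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a packed CAB."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_fake_pe(section_blobs) -> bytes:
    """Constructed minimal PE64: DOS header, PE signature, COFF header with an empty
    optional header, section table, raw data. Valid for parse_sections(), not loadable."""
    n = len(section_blobs)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, 0, 0x22)        # SizeOfOptionalHeader = 0
    headers_len = 0x40 + 4 + 20 + 40 * n
    table, data, rva = b"", b"", 0x1000
    for name, blob in section_blobs:
        raw_ptr = headers_len + len(data)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             len(blob), rva, len(blob), raw_ptr, 0, 0, 0, 0, 0x40000040)
        data += blob
        rva += (len(blob) + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + table + data


# Constructed sample: 16 KiB low-entropy code, 4 KiB zeroed data, 60 KiB random .rsrc.
SAMPLE_PE = build_fake_pe([(b".text", b"\x90\x00" * 8192),
                           (b".data", b"\0" * 4096),
                           (b".rsrc", pseudo_random(61440))])

if __name__ == "__main__":
    r = triage(SAMPLE_PE)
    for s in r["sections"]:
        print("%-8s va=0x%08x size=0x%08x entropy=%.3f" % (s["name"], s["virtual_address"], s["size_of_data"], s["entropy"]))
    print("high-entropy:", r["high_entropy_sections"], "fraction=%.3f" % r["packed_fraction"], "overall_high=", r["overall_high"])
    print("report fraction reproduced: %.3f" % report_fraction())
```

Run it as a script to see the per-section table; pass the bytes of a real file to triage() for a sample of your own. The raw-data bounds check in parse_sections() matters on hostile input: a header that claims more raw data than the file holds is itself a signal and should not silently shrink the section, which would drag the entropy figures down.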
Antivirus Results

Vendor Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Looper.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Dropper.cc
ALYac Trojan.GenericKD.66132173
Cylance unsafe
VIPRE Trojan.GenericKD.66132173
Sangfor Trojan.Bat.Agent.Vglw
K7AntiVirus Trojan ( 005803811 )
BitDefender Trojan.GenericKD.66132173
K7GW Trojan ( 005803811 )
Arcabit Trojan.Generic.D3F118CD
VirIT Trojan.Win32.Panda.UDK
Symantec Trojan.Gen.MBT
ESET-NOD32 BAT/Agent.PFF
APEX Malicious
McAfee Artemis!A49EC3D87BFC
Avast Win64:Trojan-gen
ClamAV Win.Trojan.Taskkill-2
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:BAT/Looper.4c3c4b0e
NANO-Antivirus Trojan.Script.Spth_MkDir.ewfl
MicroWorld-eScan Trojan.GenericKD.66132173
Rising Malware.Agent!1.9F77 (CLASSIC)
Emsisoft Trojan.GenericKD.66132173 (B)
F-Secure Malware.BAT/Agent.cpdeh
FireEye Trojan.GenericKD.66132173
Sophos Mal/Generic-S
Ikarus Trojan.BAT.Agent
Google Detected
Avira BAT/Agent.cpdeh
Antiy-AVL Trojan[Backdoor]/Win32.AGeneric
ZoneAlarm Trojan.BAT.Looper.gen
GData Trojan.GenericKD.66132173
Varist W32/DarkKomet.Q.gen!Eldorado
DeepInstinct MALICIOUS
Malwarebytes Trojan.Dropper
Panda Trj/Chgt.AD
Tencent Bat.Trojan.Looper.Nzfl
SentinelOne Static AI - Suspicious SFX
MaxSecure Trojan.Malware.1728101.susgen
Fortinet BAT/KillWin.HY!tr
AVG Win64:Trojan-gen