Summary | ZeroBOX

chrone.exe

Themida Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Nov. 11, 2024, 9:35 a.m.
Completed Nov. 11, 2024, 9:40 a.m.
Size 6.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ce3a6f4d1ebe823841187d30e9f143ab
SHA256 98d0e67d779ed43bcac753a9af22326e0024390d703c7c4e6601917ce6ff96bc
CRC32 B62B87AF
ssdeep 196608:hzdwgzwexbsur9a32K7/jiJuxhdPjk2+g0C:vwKFxImc97/jKuxPbk2nl
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section \x00
section .idata
section
section lhupsyzm
section xsqahloa
section .pdata\x00I
section .taggant
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x4a6604

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4a6604
registers.r14: 0
registers.r15: 0
registers.rcx: 48
registers.rsi: 1744234936
registers.r10: 0
registers.rbx: 8791653941248
registers.rsp: 1309096
registers.r11: 1306904
registers.r8: 2004821056
registers.r9: 5365170176
registers.rdx: 8796092887632
registers.r12: 0
registers.rbp: 1309216
registers.rdi: 1067406994
registers.rax: 4875776
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x004ff600', u'virtual_address': u'0x00001000', u'entropy': 7.514530326226904, u'name': u' \\x00 ', u'virtual_size': u'0x0050b000'} entropy 7.51453032623 description A section with a high entropy has been found
section {u'size_of_data': u'0x001e0600', u'virtual_address': u'0x0086a000', u'entropy': 7.959444735122556, u'name': u'lhupsyzm', u'virtual_size': u'0x001e1000'} entropy 7.95944473512 description A section with a high entropy has been found
entropy 0.998439716312 description Overall entropy of this PE file is high
Lionic Trojan.Win32.Themida.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Expiro.vc
Cylance Unsafe
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKD.74729835
Arcabit Trojan.Generic.D474496B
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.Themida.QW
Avast MalwareX-gen [Trj]
Kaspersky Trojan.Win32.Agent.xbudmp
MicroWorld-eScan Trojan.GenericKD.74729835
Emsisoft Trojan.GenericKD.74729835 (B)
TrendMicro Trojan.Win64.AMADEY.YXEKIZ
McAfeeD ti!98D0E67D779E
Trapmine malicious.high.ml.score
CTX exe.trojan.themida
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Themida
FireEye Trojan.GenericKD.74729835
Google Detected
Avira TR/AD.Nekark.cmnrn
Antiy-AVL Trojan[Packed]/Win64.Themida
Kingsoft Win32.Trojan.Agent.xbudmp
Gridinsoft Trojan.Win64.XMRig.tr
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm VHO:Trojan.Win32.Agent.gen
GData Win64.Trojan.Agent.8PCFIE
AhnLab-V3 Malware/Win.AGEN.C5691799
DeepInstinct MALICIOUS
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEKIZ
Fortinet W32/PossibleThreat
AVG MalwareX-gen [Trj]
Paloalto generic.ml