Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 30, 2024, 2:01 p.m.	Dec. 30, 2024, 2:13 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`80c26491a66b30f8cfdc261fb96cbe26`
SHA256	`de51ca1f6ab95e575e1d6d8b41601aadf67f6c5a28329ee3a9ab1855727a6a26`
CRC32	`A3E9244F`
ssdeep	`49152:anqFQw3hCbfsjwL/wwkRmVwzfUsMeaw4BSH9WGwORUbSswR3s1aj:jFQwxCgwkwkRqwzfUsMewSH9WpORUbkD`
PDB Path	C:\Users\Blank\Desktop\åç¦»å è½½å¨æºç \åç¦»å è½½å¨æºç \Release\åç½®å è½½.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\Blank\Desktop\åç¦»å è½½å¨æºç \åç¦»å è½½å¨æºç \Release\åç½®å è½½.pdb

Foreign language identified in PE resource (50 out of 66 events)

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00197f04

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001980f0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001980f0

size

0x00000144

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a85b8

size

0x00000468

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a8cfc

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a8cfc

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a8cfc

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a8cfc

size

0x00000034

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9660

size

0x000001a6

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001a9930

size

0x00000014

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (9 events)

Time & API	Arguments	Status	Return
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: mobsync.exe process_identifier: 1692	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: pw.exe process_identifier: 760	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: wsqmcons.exe process_identifier: 792	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: sdclt.exe process_identifier: 508	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: cmd.exe process_identifier: 292	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: SearchProtocolHost.exe process_identifier: 808	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: conhost.exe process_identifier: 1516	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: 1.exe process_identifier: 1648	1	1
Process32NextW Dec. 30, 2024, 2:01 p.m.	snapshot_handle: 0x000000f8 process_name: pw.exe process_identifier: 1704	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00030200', u'virtual_address': u'0x0015e000', u'entropy': 7.85991169203324, u'name': u'.data', u'virtual_size': u'0x0003781c'}

entropy

7.85991169203

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00014200', u'virtual_address': u'0x00196000', u'entropy': 6.848125071714717, u'name': u'.rsrc', u'virtual_size': u'0x00014020'}

entropy

6.84812507171

description

A section with a high entropy has been found

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.PUP.th
Cylance	Unsafe
VIPRE	Trojan.GenericKD.75213763
Sangfor	Trojan.Win32.Agent.Vfz6
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.75213763
Arcabit	Trojan.Generic.D47BABC3
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Shellcode.gen
Alibaba	Trojan:Win32/Shellcode.c8e89b77
MicroWorld-eScan	Trojan.GenericKD.75213763
Rising	Trojan.Shellcode!8.2FDD (CLOUD)
Emsisoft	Trojan.GenericKD.75213763 (B)
F-Secure	Trojan.TR/Redcap.hetcy
CTX	exe.trojan.hetcy
Sophos	Mal/Generic-S
FireEye	Trojan.GenericKD.75213763
Google	Detected
Avira	TR/Redcap.hetcy
Antiy-AVL	Trojan/Win32.ShellCode
Gridinsoft	Trojan.Win32.AI.sa
GData	Trojan.GenericKD.75213763
Varist	W32/ABApplication.XSUM-6567
AhnLab-V3	Trojan/Win.Generic.C5708327
McAfee	Artemis!80C26491A66B
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4056273278
TrendMicro-HouseCall	TROJ_GEN.R002H09LM24
Tencent	Win32.Trojan.Shellcode.Jmnw
MaxSecure	Trojan.Malware.1545982.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:TrojanX-gen [Trj]

1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All