Summary | ZeroBOX

rh_0-8_2025-01-23_15-05.exe

UPX Malicious Library OS Processor Check PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Jan. 30, 2025, 7:30 p.m.
Completed: Jan. 30, 2025, 7:43 p.m.
Size 442.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4306fc8134a17b66deaed4f01d8317d9
SHA256 ea900b5f7cce48de0ee7bc07fa7fea1edfb10dfffa4ffed08d48100cca0f532e
CRC32 C4E062DC
ssdeep 6144:GhbLf1V8/AaPlTG9sCMt/4NKTWqQqHTf213XqMeOETHvmAK9AnNEJWk+:GZxVcPlq9A/4PqHrenq+UHvmAK9AJk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2064
region_size: 303104
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01c60000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 2064
region_size: 454656
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01d00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
section: .text (virtual_address 0x00001000, virtual_size 0x0005f756, size_of_data 0x0005f800, entropy 7.871744691972028)
entropy: 7.87174469197
description: A section with a high entropy has been found

entropy: 0.866213151927
description: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.LummaC.i!c
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.P5
Skyhigh BehavesLike.Win32.Generic.gc
McAfee Artemis!4306FC8134A1
Cylance Unsafe
VIPRE Trojan.GenericKDZ.109303
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKDZ.109303
K7GW Trojan ( 005b8ac51 )
K7AntiVirus Trojan ( 005b8ac51 )
Arcabit Trojan.Generic.D1AAF7
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HYRY
APEX Malicious
Avast Win32:BootkitX-gen [Rtk]
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky HEUR:Trojan-PSW.Win32.Rhadamanthys.gen
Alibaba TrojanPSW:Win32/LummaC.af12aeb4
MicroWorld-eScan Trojan.GenericKDZ.109303
Rising Exploit.ShellCode!8.1983E (TFE:5:hVbQxggab3Q)
Emsisoft Trojan.GenericKDZ.109303 (B)
F-Secure Trojan.TR/Crypt.Agent.ekptv
DrWeb Trojan.DownLoader47.36298
McAfeeD ti!EA900B5F7CCE
Trapmine malicious.high.ml.score
CTX exe.trojan.lummac
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.4306fc8134a17b66
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Crypt.Agent.ekptv
Antiy-AVL Trojan[Exploit]/Win32.ShellCode
Kingsoft malware.kb.a.1000
Gridinsoft Ransom.Win32.STOP.sa
Xcitium Malware@#1n87f7plcmayk
Microsoft Trojan:Win32/LummaC.AE!MTB
GData Trojan.GenericKDZ.109303
Varist W32/Kryptik.NAI.gen!Eldorado
AhnLab-V3 Trojan/Win.LummaC.R689714
VBA32 TrojanPSW.Rhadamanthys
DeepInstinct MALICIOUS
Malwarebytes Trojan.MalPack.GS
Ikarus Trojan.Win32.Crypt
Panda Trj/GdSda.A
Tencent Trojan.Win32.Obfuscated.gen