Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 24, 2025, 3:12 p.m.	Feb. 24, 2025, 3:16 p.m.

Size	163.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f3b37711b4fdccff04ac73db511e6c97`
SHA256	`bbf19ab2cea14f070e7462babcc0f86ee9499ac0e971f70471386e43cf11cdd0`
CRC32	`7D6E7A1A`
ssdeep	`3072:pQpspNSEHxdY14ByBbjLZV6nqZfBYios3dtM2RRmubBZEZT/WB83gNMxjeh:pQpspIKw19Hp0WJFBCjwqpe`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Vidar_IN - Vidar IsPE32 - (no description) Generic_Malware_Zero - Generic Malware

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return
GetComputerNameW Feb. 24, 2025, 3:12 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 24, 2025, 3:12 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 24, 2025, 3:12 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 24, 2025, 3:12 p.m.	computer_name: TEST22-PC	1	1

resource name

EXE

section

{u'size_of_data': u'0x00025c00', u'virtual_address': u'0x00004000', u'entropy': 7.940652696931231, u'name': u'.rsrc', u'virtual_size': u'0x00025a38'}

entropy

7.94065269693

description

A section with a high entropy has been found

entropy

0.932098765432

description

Overall entropy of this PE file is high

Time & API	Arguments	Status	Return	Repeated
RegSetValueExW Feb. 24, 2025, 3:12 p.m.	key_handle: 0x00000094 regkey_r: $77stager reg_type: 3 (REG_BINARY) value: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELN 3Óà"0T&s @ @ÔrO¸r H.text,S T `.relocV@BsHô'D 8@20' @ + o io %0ç0 :( ~ ( ,}rp(,n~ i 0@(~ ( ,Ki(,<~ ÿÿ~ ( jX( ~ ( ~ ( 0D<( ( PE3'X( . .+s zs z0<( X(-`+pX( (X( ( X( ( $X( (8 ( ((+o X(+~%-&~þ"s %(+(+s o ,(X( (( ZX( ( X XX?eÿÿÿ0<( X( X( +d(XX (ZX(( ( ( ( -/2X/YX* Xh 20Çr%p( ( o o /( 3r9p( rWp( (! ~" rqpo# rp(((o$ rp(((o$ Þ ,o% Ü( .(+((( r§p(& o' (&O6 0;s( s) s* (Þ ,o% Üo+ Þ ,o% Ü* )/ 07( iY+XaÒbc` Xi2â0T ( ~ ( 97(þ (9r¹p(, ~ ~ ((- ( 9ä~ ( ~ ( 9¹ ~ (~ ( 9{ ( <jX( (. ( jXjX( (/ X(0 8?( jXjXjX(ZjX( (1 .@ ( jX( (1 t@ï ( jX( (1 e@Ô ( jX( (1 x@¹ ( jX( (1 t@ ( jX( (. ( jX( (. ( jX( n( @(&( jX( ( jX( n( (&( jX( n( (&+Xh?¸þÿÿ (&(&(&Þ&ÞAPP(2 ®~-rãpÐ(3 o4 s5 ~~*j(rp~o6 tj(r'p~o6 tj(r3p~o6 tj(rGp~o6 t.s!(2 * BSJBv2.0.50727l¸#~$ ü #Strings \#US\|#GUID¸#BlobW}¢ ú3) "G6 û¥üÅü\ÊS¸ÊÊ%ë w%Åóü p% NÅêl\%v?Ê_£Øpç%Ã%%% sA(å7%M%n %ã%%d%ÊÈ N~%LlÝp%% Ç¥!~!! t! #b! {! !á! º= #,`ÀdVa hVkVkVh6¡nr @\zï@P õ} ´,!Å\|!Ù"¹X û A µ © P ´$#Mý"$BÄ"l$ Ä#°$ªË$ Ð% Ô% ¬Ù& © Ù' Þ) ®ç- %ò4 ìü: ? B,'¶F4'[F`'¨Fg'´ Fo'D&G'&G¥'6&GÀ'w&GÛ'¼ýGç'¶Gï' +G æhhhÔôÊ: f±!T 8æ-!M h ÏÏJØ ÿ: ¦æ3®ïtßú±>$ JbæN3 ) ú regkey: HKEY_LOCAL_MACHINE\SOFTWARE\$77stager	1	0	0

Time & API	Arguments	Status	Return	Repeated
RegSetValueExW Feb. 24, 2025, 3:12 p.m.	key_handle: 0x00000094 regkey_r: $77stager reg_type: 3 (REG_BINARY) value: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELN 3Óà"0T&s @ @ÔrO¸r H.text,S T `.relocV@BsHô'D 8@20' @ + o io %0ç0 :( ~ ( ,}rp(,n~ i 0@(~ ( ,Ki(,<~ ÿÿ~ ( jX( ~ ( ~ ( 0D<( ( PE3'X( . .+s zs z0<( X(-`+pX( (X( ( X( ( $X( (8 ( ((+o X(+~%-&~þ"s %(+(+s o ,(X( (( ZX( ( X XX?eÿÿÿ0<( X( X( +d(XX (ZX(( ( ( ( -/2X/YX* Xh 20Çr%p( ( o o /( 3r9p( rWp( (! ~" rqpo# rp(((o$ rp(((o$ Þ ,o% Ü( .(+((( r§p(& o' (&O6 0;s( s) s* (Þ ,o% Üo+ Þ ,o% Ü* )/ 07( iY+XaÒbc` Xi2â0T ( ~ ( 97(þ (9r¹p(, ~ ~ ((- ( 9ä~ ( ~ ( 9¹ ~ (~ ( 9{ ( <jX( (. ( jXjX( (/ X(0 8?( jXjXjX(ZjX( (1 .@ ( jX( (1 t@ï ( jX( (1 e@Ô ( jX( (1 x@¹ ( jX( (1 t@ ( jX( (. ( jX( (. ( jX( n( @(&( jX( ( jX( n( (&( jX( n( (&+Xh?¸þÿÿ (&(&(&Þ&ÞAPP(2 ®~-rãpÐ(3 o4 s5 ~~*j(rp~o6 tj(r'p~o6 tj(r3p~o6 tj(rGp~o6 t.s!(2 * BSJBv2.0.50727l¸#~$ ü #Strings \#US\|#GUID¸#BlobW}¢ ú3) "G6 û¥üÅü\ÊS¸ÊÊ%ë w%Åóü p% NÅêl\%v?Ê_£Øpç%Ã%%% sA(å7%M%n %ã%%d%ÊÈ N~%LlÝp%% Ç¥!~!! t! #b! {! !á! º= #,`ÀdVa hVkVkVh6¡nr @\zï@P õ} ´,!Å\|!Ù"¹X û A µ © P ´$#Mý"$BÄ"l$ Ä#°$ªË$ Ð% Ô% ¬Ù& © Ù' Þ) ®ç- %ò4 ìü: ? B,'¶F4'[F`'¨Fg'´ Fo'D&G'&G¥'6&GÀ'w&GÛ'¼ýGç'¶Gï' +G æhhhÔôÊ: f±!T 8æ-!M h ÏÏJØ ÿ: ¦æ3®ïtßú±>$ JbæN3 ) ú regkey: HKEY_LOCAL_MACHINE\SOFTWARE\$77stager	1	0	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Rootkit.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Ghanarava.17402663771e6c97
Skyhigh	BehavesLike.Win32.Dropper.cc
ALYac	Gen:Variant.Zusy.545412
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.545412
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	RootKit ( 005aee0e1 )
BitDefender	Gen:Variant.Zusy.545412
K7GW	RootKit ( 005aee0e1 )
Arcabit	Trojan.Zusy.D85284
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Rootkit.Agent.OEM
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Rootkit.R77-10009366-0
Kaspersky	HEUR:Trojan.MSIL.R77.gen
Alibaba	Trojan:MSIL/CrypterX.85b3ea26
NANO-Antivirus	Trojan.Win32.R77.kvosye
MicroWorld-eScan	Gen:Variant.Zusy.545412
Rising	Rootkit.Agent!8.F5 (TFE:3:Ma4kQLHBcuO)
Emsisoft	Gen:Variant.Zusy.545412 (B)
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	Trojan.BankBot.565
Zillya	Rootkit.Agent.Win32.54182
McAfeeD	Real Protect-LS!F3B37711B4FD
Trapmine	malicious.moderate.ml.score
CTX	exe.trojan.msil
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.f3b37711b4fdccff
Google	Detected
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=80)
Antiy-AVL	Trojan/MSIL.r77
Kingsoft	MSIL.Trojan.R77.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Zusy.545412
Varist	W32/MSIL_Agent.HNK.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R630595
Acronis	suspicious
McAfee	Artemis!F3B37711B4FD
DeepInstinct	MALICIOUS
Malwarebytes	Rootkit.r77
Ikarus	Trojan.Win32.Rootkit

Install.exe