Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 7, 2025, 9:40 a.m.	March 7, 2025, 9:42 a.m.

Size	9.4MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`9d18a8c42b2137d30b0a637048a73531`
SHA256	`52f0eb7ef028ffcc804ba2b93cfaddc6a8fac4845ca7d7d171e90fe5c31c85b8`
CRC32	`01C0BFFB`
ssdeep	`196608:SYgZOc/4vXGrv86X6sk2dQmRrdA6luA8Qnf2ODjMnGydS8oo+6rbOHW5MdeHy:ngZ3/yYRqN2dQOluIF3MnG38oo+6rb6c`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

client.exe "C:\Users\test22\AppData\Local\Temp\client.exe"
2560
- client.exe "C:\Users\test22\AppData\Local\Temp\client.exe"
  2716

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 7, 2025, 9:33 a.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 7, 2025, 9:33 a.m.		1	1	0

section

.fptable

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 7, 2025, 9:33 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

file	C:\Users\test22\AppData\Local\Temp\_MEI25602\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25602\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25602\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25602\python311.dll

section

{u'size_of_data': u'0x0000f000', u'virtual_address': u'0x0004a000', u'entropy': 7.35014558701962, u'name': u'.rsrc', u'virtual_size': u'0x0000ef8c'}

entropy

7.35014558702

description

A section with a high entropy has been found

Bkav	W32.Common.24A4016D
Lionic	Trojan.Win32.Python.m!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	cld.backdoor.python
Skyhigh	BehavesLike.Win64.Dropper.tc
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (W)
K7GW	Trojan ( 005aeb811 )
K7AntiVirus	Trojan ( 005aeb811 )
Symantec	Infostealer
ESET-NOD32	Python/TeleBot.CP
APEX	Malicious
Avast	Python:Agent-ACY [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Backdoor:Application/TeleBot.9d1b4791
F-Secure	Trojan.TR/TeleBot.faqrc
Zillya	Trojan.Agent.Win32.4167152
McAfeeD	ti!52F0EB7EF028
CTX	exe.trojan.python
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Google	Detected
Avira	TR/TeleBot.faqrc
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Wacatac.B!ml
Varist	W64/ABApplication.XSUL-0503
McAfee	Artemis!9D18A8C42B21
DeepInstinct	MALICIOUS
Ikarus	Trojan.Python.Telebot
Panda	Trj/Chgt.AD
Tencent	Win32.Backdoor.Agent.Swhl
Fortinet	W32/TeleBot.CP!tr
AVG	Python:Agent-ACY [Trj]
Paloalto	generic.ml
alibabacloud	Backdoor:Python/TeleBot.CX

client.exe