Summary | ZeroBOX

work1.exe

Malicious Packer UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started March 30, 2025, 2:02 p.m.
Completed March 30, 2025, 2:04 p.m.
Size 16.6MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 2e9514743f83af63b13270dacd55e52b
SHA256 591f33657fb6f7b02f60ab5214e2c724c551273a65ba39f27f6ed51a914c87ba
CRC32 5315F921
ssdeep 98304:13JsrbN0beP5gcerHxCvaQvkfyueniEagV7w4kbro:dJsPKG5lerRCvmfybnZ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x000007fefd6b7a50
function_name: wine_get_version
module: ntdll
module_address: 0x0000000076d30000
-1073741511 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Sliver.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.174259387655e52b
Skyhigh PUP-INQ
ALYac Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
Cylance Unsafe
VIPRE Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
K7GW Trojan ( 005a11271 )
K7AntiVirus Trojan ( 005a11271 )
Arcabit Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
VirIT Trojan.Win64.Sliver.AA
Symantec Trojan Horse
Elastic Multi.Trojan.Sliver
ESET-NOD32 a variant of WinGo/HackTool.Sliver.L
APEX Malicious
Avast Win64:BackdoorX-gen [Trj]
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
Alibaba Trojan:Win64/MalGO.c89ad9ed
MicroWorld-eScan Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
Rising Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft Dump:Generic.Trojan.Sliver.Marte.F.5081B31A (B)
F-Secure Hack-Tool:W32/SBeacon.A
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
McAfeeD ti!591F33657FB6
CTX exe.trojan.sliver
Sophos ATK/Sliver-B
SentinelOne Static AI - Malicious PE
FireEye Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
Google Detected
Avira HEUR/AGEN.1366847
Antiy-AVL Trojan/Multi.MalGO
Gridinsoft Trojan.Win64.AI.sa
Microsoft Trojan:Win32/SuspGolang.AG
ZoneAlarm ATK/Sliver-B
GData Dump:Generic.Trojan.Sliver.Marte.F.5081B31A
Varist W64/ABApplication.FGCY-5184
AhnLab-V3 Trojan/Win.Sliver.R666401
McAfee PUP-INQ
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1183035905
Ikarus Trojan.WinGo.Shellcoderunner
Panda Trj/CI.A
TrendMicro-HouseCall Backdoor.Win64.SILVER.SMYXCFWAZ
Tencent Win32.Trojan.Malgo.Zwhl
huorong HackTool/Sliver.a