Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 7, 2025, 9:58 a.m.	April 7, 2025, 10:01 a.m.

Size	5.7MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`524faa5c0e252d6edebacc31ec488d31`
SHA256	`ab8d42ebe660e813c943cacc78d23b80f9ba88392ff32fc3ae07fabaaeb13647`
CRC32	`0307C029`
ssdeep	`98304:z8oKhObimn6gZvA8nqOdZbWGPTyj7UHvzjZ2ejcdVgSRXWxepmm0uHq1VNae10l5:z8rsFRZ4mqOTKGbGw7j4hdKKXnl0uHqY`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

HashDrop.exe "C:\Users\test22\AppData\Local\Temp\HashDrop.exe"
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 7, 2025, 9:58 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 7, 2025, 9:58 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00370000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory April 7, 2025, 9:58 a.m.	process_identifier: 2564 region_size: 5451776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00507c00', u'virtual_address': u'0x00072000', u'entropy': 7.997308705525319, u'name': u'.data', u'virtual_size': u'0x00507c10'}

entropy

7.99730870553

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00008600', u'virtual_address': u'0x005b5000', u'entropy': 6.825765469515096, u'name': u'.reloc', u'virtual_size': u'0x000084a0'}

entropy

6.82576546952

description

A section with a high entropy has been found

entropy

0.883294999574

description

Overall entropy of this PE file is high

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SecAV

reg_value

C:\Users\test22\AppData\Local\Temp\rareTemp.exe

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Keylogger.b!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Ghanarava.1742709466488d31
Skyhigh	Artemis!Trojan
ALYac	Gen:Trojan.Keylogger.@x0@aW!u74li
Cylance	Unsafe
VIPRE	Trojan.GenericKD.76179422
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.76179422
K7GW	Spyware ( 005c0d651 )
K7AntiVirus	Spyware ( 005c0d651 )
Arcabit	Trojan.Generic.D48A67DE
VirIT	Trojan.Win32.GenHeur.C
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Kryptik.HYUP
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	Trojan-Dropper.Win32.Agent.tkcrqv
MicroWorld-eScan	Trojan.GenericKD.76179422
Rising	Trojan.ShellCodeLoader!1.12AF9 (CLASSIC)
Emsisoft	Trojan.GenericKD.76179422 (B)
F-Secure	Trojan.TR/Crypt.Agent.pmwza
DrWeb	Trojan.Siggen31.4620
Trapmine	malicious.high.ml.score
CTX	exe.trojan.generic
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.524faa5c0e252d6e
Google	Detected
Avira	TR/Crypt.Agent.pmwza
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	malware.kb.a.1000
Gridinsoft	Spy.Win32.Keylogger.sa
Microsoft	Trojan:Win32/LummaC.BV!MTB
ViRobot	Trojan.Win.Z.Keylogger.6011392
GData	Trojan.GenericKD.76179422
Varist	W32/ABApplication.AZKL-6169
AhnLab-V3	Trojan/Win.Sabsik.C5744460
McAfee	Artemis!524FAA5C0E25
DeepInstinct	MALICIOUS
VBA32	BScope.TrojanRansom.Stealc
Malwarebytes	Malware.AI.2407846946
Ikarus	Trojan.Win32.Crypt
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.VSX.PE04C9V
Tencent	Malware.Win32.Gencirc.10c36149
MaxSecure	Trojan.Malware.7164915.susgen

HashDrop.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All