Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 7, 2025, 10:01 a.m.	April 7, 2025, 10:03 a.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`79c47af6671f89ba34da1c332b5d5035`
SHA256	`6facc38b5b793b240f3a757e0e22187f3b088340ec02c87d90250c2ced4c1600`
CRC32	`849F6E51`
ssdeep	`24576:G6WDD38BKSHMjIPVsyysvGkbQjI/zI2Wa4qMvVTQrA80/TGbkeM:GRv38B+ypvGkbC2lWZODQGbo`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

UZPt0hR.exe "C:\Users\test22\AppData\Local\Temp\UZPt0hR.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	m0
section	m1
section	m2

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00137600', u'virtual_address': u'0x0014b000', u'entropy': 7.992237742926046, u'name': u'm2', u'virtual_size': u'0x00137600'}

entropy

7.99223774293

description

A section with a high entropy has been found

entropy

0.997197758207

description

Overall entropy of this PE file is high

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.BypassUAC.4!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Ghanarava.17439294675d5035
Skyhigh	BehavesLike.Win32.PWSZbot.tc
ALYac	Gen:Trojan.Heur.oD0@tqvcoXgi
Cylance	Unsafe
VIPRE	Gen:Trojan.Heur.oD0@tqvcoXgi
Sangfor	Trojan.Win32.Bypassuac.Vwl0
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Trojan.Heur.oD0@tqvcoXgi
K7GW	Trojan ( 0059f91f1 )
K7AntiVirus	Trojan ( 0059f91f1 )
Arcabit	Trojan.Heur.E0E737
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.VMProtect.BC suspicious
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
Kaspersky	Trojan.MSIL.BypassUAC.aqe
MicroWorld-eScan	Gen:Trojan.Heur.oD0@tqvcoXgi
Rising	Trojan.BypassUAC!8.EC23 (CLOUD)
Emsisoft	Gen:Trojan.Heur.oD0@tqvcoXgi (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.Inject5.13844
TrendMicro	Trojan.Win32.AMADEY.YXFDDZ
Trapmine	malicious.high.ml.score
CTX	exe.trojan.bypassuac
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.79c47af6671f89ba
Webroot	Win.Trojan.Bypassuac
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	RiskWare[Packed]/Win32.VMProtect.a
Kingsoft	malware.kb.b.991
Gridinsoft	Malware.Win32.Gen.tr
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
GData	Gen:Trojan.Heur.oD0@tqvcoXgi
Varist	W32/ABTrojan.LGZN-8301
AhnLab-V3	Malware/Win.Crypt.R696482
McAfee	Artemis!79C47AF6671F
DeepInstinct	MALICIOUS
VBA32	Malware-Cryptor.Inject.gen
Malwarebytes	Malware.AI.3514859649
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.AMADEY.YXFDDZ
Tencent	Msil.Trojan.Bypassuac.Gkjl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Malicious_Behavior.SB

UZPt0hR.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All