Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 21, 2025, 10:15 a.m.	April 21, 2025, 10:22 a.m.

Size	3.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`135861e8edc3ee628b7279f1840456e3`
SHA256	`faedeb4abf9dff84f6f95975e81ceefbe7a50aeeced9820108d7a4a66f3bdc6e`
CRC32	`7F3AD870`
ssdeep	`98304:z0Fxb8yuO+WFwLId3DUVxaZumRdhfCqcqmP/CF:z0Fxb8yuO+JLA3DUub`
PDB Path	C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Antivirus - Contains references to security software Malicious_Packer_Zero - Malicious Packer CAB_file_format - CAB archive file IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
pub-cba497f350194e308a09f98ef358c552.r2.dev	A 162.159.140.237 A 172.66.0.235	162.159.140.237
x1.i.lencr.org	CNAME crl.root-x1.letsencrypt.org.edgekey.net A 23.35.221.104 CNAME e8652.dscx.akamaiedge.net	23.49.225.95

Flow	SID	Signature	Category
TCP 192.168.56.103:49162 -> 162.159.140.237:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49162 162.159.140.237:443	C=US, O=Let's Encrypt, CN=R11	CN=*.r2.dev	aa:79:da:cd:20:a6:72:e4:79:6f:4a:2a:74:7a:e5:95:5e:1c:21:4e

pdb_path

C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 21, 2025, 10:15 a.m.		1	1	0

section	.didat
section	.fptable

request

GET http://x1.i.lencr.org/

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory April 21, 2025, 10:15 a.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses April 21, 2025, 10:15 a.m.	flags: 15 family: 0		111	0

Time & API	Arguments	Status	Return	Repeated
RegSetValueExA April 21, 2025, 10:15 a.m.	key_handle: 0x0000039c regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) value: 0 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	1	0	0

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Lionic	Trojan.Win32.Generic.4!c
CAT-QuickHeal	Trojan.Ghanarava.17444073810456e3
ALYac	Trojan.GenericKD.76209750
Cylance	Unsafe
VIPRE	Trojan.GenericKD.76209750
BitDefender	Trojan.GenericKD.76209750
K7GW	Trojan ( 005c57cb1 )
K7AntiVirus	Trojan ( 005c57cb1 )
Arcabit	Trojan.Generic.D48ADE56
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.CPOMCDU
Avast	FileRepMalware [Misc]
MicroWorld-eScan	Trojan.GenericKD.76209750
Emsisoft	Trojan.GenericKD.76209750 (B)
Zillya	Trojan.Cobalt.Win32.3856
McAfeeD	ti!FAEDEB4ABF9D
CTX	exe.trojan.fragtor
Sophos	Generic Reputation PUA (PUA)
Jiangmin	Trojan.Midie.ct
Webroot	W32.Trojan.Gen
Google	Detected
Microsoft	Trojan:Win32/Wacatac.C!ml
GData	Trojan.GenericKD.76209750
Varist	W32/ABTrojan.UCJO-0864
AhnLab-V3	Malware/Win.Generic.C5743781
McAfee	Artemis!135861E8EDC3
DeepInstinct	MALICIOUS
Ikarus	Trojan.SuspectCRC
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09CQ25
MaxSecure	Trojan.Malware.338151687.susgen
Fortinet	W32/PossibleThreat
AVG	FileRepMalware [Misc]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Fragtor.Gen

setup.exe