Summary | ZeroBOX

e10fbc7a-ba07-43b0-bb1a-4998d985f775

Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32

Category: FILE
Machine: s1_win7_x6401
Started: May 4, 2025, 12:42 p.m.
Completed: May 4, 2025, 1:02 p.m.
Size 494.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 01670e3502fb191bc0d6f3590ad6ed89
SHA256 642aeebc65589ee43e09e3d4066e9519151031c43a7daa8dd6f4823fc804d27c
CRC32 188C9EAF
ssdeep 12288:Q5p1UZ32H10rH5ZVZEsh8ZskmY5a4JNXuOwhDy/K:Q5pOZGHOrH5RLG64JNXQ1g
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
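The PE32 and UPX tags above come from Yara rules whose bodies are not on this page. The following is an added example (not ZeroBOX or Yara code) of how to confirm those two tags statically: it parses the COFF and section headers of a PE32 image, reports each section's name and the Shannon entropy of its raw bytes, and flags the usual UPX tells (UPX0/UPX1 section names with UPX0 holding no raw data, and a high-entropy section holding compressed code). `build_sample_pe()` is a hypothetical helper that fabricates a minimal PE32 in memory so the check runs offline; the two samples are constructed here and are not bytes from the analysed file.

```python
"""Static check for the PE32 / UPX tags: parse the section table, measure
entropy, and report UPX indicators. Added example, not ZeroBOX/Yara code."""
import math
import random
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C   # "Intel 80386" in the report's Type line
COFF_HEADER_SIZE = 20              # IMAGE_FILE_HEADER
SECTION_HEADER_SIZE = 40           # IMAGE_SECTION_HEADER
HIGH_ENTROPY = 7.0                 # bits per byte; compressed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)          # file offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + COFF_HEADER_SIZE + opt_size                # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_off, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + i * SECTION_HEADER_SIZE)
        raw = pe[raw_off:raw_off + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va, "raw_size": raw_size,
            "characteristics": chars, "entropy": round(shannon_entropy(raw), 3),
        })
    return {"machine": machine, "sections": sections}


def upx_indicators(sections: list) -> list:
    """Reasons the layout looks UPX-packed; an empty list for an ordinary layout."""
    reasons = []
    upx_named = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    if upx_named:
        reasons.append("UPX section names: " + ", ".join(upx_named))
    # Real UPX leaves UPX0 with no raw data: the stub decompresses into it at run time.
    if any(s["name"] == "UPX0" and s["raw_size"] == 0 for s in sections):
        reasons.append("UPX0 has no raw data (decompression target)")
    hot = [s["name"] for s in sections if s["raw_size"] and s["entropy"] >= HIGH_ENTROPY]
    if hot:
        reasons.append("high-entropy section(s): " + ", ".join(hot))
    return reasons


def build_sample_pe(section_specs) -> bytes:
    """Hypothetical helper: fabricate a minimal PE32 from (name, raw_bytes) pairs."""
    nsec = len(section_specs)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew at 0x3C points to 0x40
    optional = b"\x0b\x01" + b"\0" * 222                       # PE32 magic 0x10B, rest zeroed for the toy
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, nsec, 0, 0, 0, len(optional), 0x0102)
    headers_len = len(dos) + 4 + COFF_HEADER_SIZE + len(optional) + nsec * SECTION_HEADER_SIZE
    raw_base = (headers_len + 0x1FF) & ~0x1FF                 # first raw offset, 512-byte aligned
    table, body, va = b"", b"", 0x1000
    for name, raw in section_specs:
        raw_off = raw_base + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             max(len(raw), 0x1000), va, len(raw), raw_off,
                             0, 0, 0, 0, 0xE0000020)           # CODE | EXECUTE | READ | WRITE
        body += raw
        va += 0x10000
    image = dos + IMAGE_NT_SIGNATURE + coff + optional + table
    return image + b"\0" * (raw_base - len(image)) + body


# Constructed samples: a UPX-style layout (empty UPX0, pseudo-random UPX1) and a plain one.
_rng = random.Random(0x5EED)
PACKED_SAMPLE = build_sample_pe([("UPX0", b""), ("UPX1", _rng.randbytes(4096)), (".rsrc", b"\0" * 512)])
PLAIN_SAMPLE = build_sample_pe([(".text", b"\x90" * 512 + bytes(range(256)) * 2), (".data", b"\0" * 512)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        info = parse_pe(blob)
        for s in info["sections"]:
            print(f"{label}: {s['name']:<8} raw={s['raw_size']:>6} entropy={s['entropy']}")
        print(f"{label}: UPX indicators -> {upx_indicators(info['sections']) or 'none'}")
```

Section names are a weak signal on their own (UPX can be told to rename them, and other packers copy the UPX0/UPX1 layout), so the entropy check is the part worth keeping when the names are missing; conversely, a high-entropy `.rsrc` section is often just embedded images, so look at which section is hot, not only whether one is.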

DNS (Name | Response | Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address | Status | Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls

Time & API | Arguments | Status | Return | Repeated

NtProtectVirtualMemory
  process_identifier: 2564
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 65536 (0x10000)
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x01fa0000
  process_handle: 0xffffffff (NtCurrentProcess pseudo-handle, i.e. the sample's own process)
  status: 1 (success), return: 0, repeated: 0

NtProtectVirtualMemory
  process_identifier: 2564
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096 (one page)
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x76f56000
  process_handle: 0xffffffff (the sample's own process)
  status: 1 (success), return: 0, repeated: 0

NtProtectVirtualMemory
  process_identifier: 2564
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 4128768 (0x3f0000, about 3.9 MiB)
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x01fb0000
  process_handle: 0xffffffff (the sample's own process)
  status: 1 (success), return: 0, repeated: 0

The first and third calls cover adjacent ranges (0x01fa0000-0x01fb0000 and 0x01fb0000-0x023a0000): together they make one contiguous 4 MiB region of the sample's own process writable and executable, which is what a packer such as UPX does when it decompresses its payload in place. The second call changes a single page at 0x76f56000, in the address range where Windows 7 maps system DLLs; the report does not name the module, so whether this is an inline hook cannot be told from this extract.
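Three calls are easy to read by hand, but a full ZeroBOX trace can hold thousands. The following is an added example (not ZeroBOX code) of the triage a practitioner would run over such a log: it decodes the numeric protection value into its Win32 PAGE_* constant, flags calls that make memory writable and executable, that cover a very large region, or that carry the sandbox's heap_dep_bypass / stack_pivoted markers, and merges touching RWX ranges so a buffer protected in pieces shows up as one region. `REPORT_CALLS` holds the three calls above transcribed into dicts plus one constructed benign call; the dict layout is an assumption that mirrors the report's columns, not ZeroBOX's real JSON schema.

```python
"""Triage of NtProtectVirtualMemory records from a sandbox API log.
Added example, not ZeroBOX code; record layout is assumed."""

PAGE_PROTECTIONS = {                 # low byte of the protection value
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITABLE_AND_EXECUTABLE = {0x40, 0x80}
LARGE_REGION = 1 << 20               # 1 MiB: far more than a hook or trampoline needs
CURRENT_PROCESS = 0xFFFFFFFF         # NtCurrentProcess() pseudo-handle on 32-bit Windows


def decode_protection(value: int) -> str:
    """64 -> 'PAGE_EXECUTE_READWRITE'; 0x104 -> 'PAGE_READWRITE|PAGE_GUARD'."""
    parts = [PAGE_PROTECTIONS.get(value & 0xFF, f"0x{value & 0xFF:02x}")]
    parts += [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(parts)


def _successful_protect_calls(calls) -> list:
    """Only NtProtectVirtualMemory calls the sandbox recorded as succeeded (status 1)."""
    return [c for c in calls if c["api"] == "NtProtectVirtualMemory" and c["status"] == 1]


def _is_rwx(args: dict) -> bool:
    return (args["protection"] & 0xFF) in WRITABLE_AND_EXECUTABLE


def triage_protect_calls(calls, large_region=LARGE_REGION) -> list:
    """One finding per suspicious call, with the reasons it was flagged."""
    findings = []
    for call in _successful_protect_calls(calls):
        args, reasons = call["arguments"], []
        if _is_rwx(args):
            reasons.append("RWX: " + decode_protection(args["protection"]))
        if args["length"] >= large_region:
            reasons.append(f"large region: {args['length']} bytes")
        if args.get("heap_dep_bypass"):
            reasons.append("heap_dep_bypass")
        if args.get("stack_pivoted") or args.get("stack_dep_bypass"):
            reasons.append("stack pivot / stack DEP bypass")
        if reasons:
            findings.append({
                "pid": args["process_identifier"],
                "self": args["process_handle"] == CURRENT_PROCESS,   # own process, not an injection target
                "base": args["base_address"],
                "end": args["base_address"] + args["length"],
                "reasons": reasons,
            })
    return findings


def coalesce_rwx_regions(calls) -> list:
    """Merge touching or overlapping RWX ranges into sorted (start, end) pairs."""
    ranges = sorted(
        (c["arguments"]["base_address"], c["arguments"]["base_address"] + c["arguments"]["length"])
        for c in _successful_protect_calls(calls) if _is_rwx(c["arguments"]))
    merged = []
    for start, end in ranges:
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def rwx_bytes(calls) -> int:
    """Total bytes made writable+executable across all successful calls."""
    return sum(c["arguments"]["length"] for c in _successful_protect_calls(calls) if _is_rwx(c["arguments"]))


def _call(pid, base, length, protection, heap_dep_bypass=0, stack_pivoted=0, stack_dep_bypass=0):
    """Build one record in the assumed layout (mirrors the report's columns)."""
    return {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "repeated": 0,
            "arguments": {"process_identifier": pid, "process_handle": CURRENT_PROCESS,
                          "base_address": base, "length": length, "protection": protection,
                          "heap_dep_bypass": heap_dep_bypass, "stack_pivoted": stack_pivoted,
                          "stack_dep_bypass": stack_dep_bypass}}


REPORT_CALLS = [
    _call(2564, 0x01FA0000, 65536, 0x40, heap_dep_bypass=1),    # transcribed from the report
    _call(2564, 0x76F56000, 4096, 0x40),                        # transcribed from the report
    _call(2564, 0x01FB0000, 4128768, 0x40, heap_dep_bypass=1),  # transcribed from the report
    _call(2564, 0x00400000, 4096, 0x02),                        # constructed: harmless PAGE_READONLY change
]

if __name__ == "__main__":
    for f in triage_protect_calls(REPORT_CALLS):
        print(f"pid {f['pid']} {'self' if f['self'] else 'remote'} "
              f"0x{f['base']:08x}-0x{f['end']:08x}: {', '.join(f['reasons'])}")
    print("RWX regions:", [f"0x{s:08x}-0x{e:08x}" for s, e in coalesce_rwx_regions(REPORT_CALLS)])
    print("RWX bytes:", rwx_bytes(REPORT_CALLS))
```

Run against the report's three calls, the merge step is what turns two separate log lines into the single 4 MiB region a reader would otherwise have to notice by adding the addresses; the 1 MiB threshold is a triage knob, not a rule, and a process_handle other than 0xffffffff (`"self": False`) is the case to escalate, since it means the sample is changing protections in some other process.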
Antivirus

Eight vendors (Symantec, ESET-NOD32, TrendMicro, Sophos, Microsoft, ZoneAlarm, VBA32, Malwarebytes) name the family as Rhadamanthys, an information stealer; the other detections are generic or heuristic names (Zusy, Strab, Redcap, GenKryptik), several of them in password-stealer categories (PWS, Pws, TrojanSpy, TrojanPSW).

Vendor Result
Bkav W32.Common.38915DF0
Lionic Trojan.Win32.Strab.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.1746265465d6ed89
Skyhigh PWS-FDXO!01670E3502FB
ALYac Gen:Variant.Zusy.584382
Cylance Unsafe
VIPRE Gen:Variant.Zusy.584382
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Zusy.584382
K7GW Trojan ( 005c28581 )
K7AntiVirus Trojan ( 005c28581 )
Arcabit Trojan.Zusy.D8EABE
VirIT Trojan.Win32.GenusT.EPRR
Symantec Trojan.Rhadamanthys!g5
Elastic malicious (high confidence)
ESET-NOD32 Win32/Spy.Rhadamanthys.AA
APEX Malicious
Avast Win32:MalwareX-gen [Pws]
Kaspersky HEUR:Trojan.Win32.Strab.gen
Alibaba TrojanSpy:Win32/Strab.7bebbad4
NANO-Antivirus Trojan.Win32.Strab.kvzmay
SUPERAntiSpyware Trojan.Agent/Gen-Zusy
MicroWorld-eScan Gen:Variant.Zusy.584382
Rising Trojan.Strab!8.12D03 (TFE:5:0XapLWekQUP)
Emsisoft Gen:Variant.Zusy.584382 (B)
F-Secure Trojan.TR/Redcap.xszae
DrWeb Trojan.Siggen30.63757
Zillya Trojan.GenKryptik.Win32.1084625
TrendMicro TrojanSpy.Win32.RHADAMANTHYS.YXFDNZ
McAfeeD ti!642AEEBC6558
CTX exe.trojan.strab
Sophos Troj/Rhadaman-B
Webroot Win.Malware.Gen
Google Detected
Avira TR/Redcap.xszae
Antiy-AVL GrayWare/Win32.Wacapew
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Malware@#3qliiq2hurjjm
Microsoft Trojan:Win32/Rhadamanthys.AC!MTB
ViRobot Trojan.Win.Z.Zusy.506368.Y
ZoneAlarm Troj/Rhadaman-B
GData Gen:Variant.Zusy.584382
Varist W32/Trojan.ZNSK-0652
AhnLab-V3 Trojan/Win.Generic.R697000
McAfee PWS-FDXO!01670E3502FB
DeepInstinct MALICIOUS
VBA32 BScope.TrojanPSW.Rhadamanthys
Malwarebytes Spyware.Rhadmanthys
Ikarus Trojan.Win32.Injector