Summary | ZeroBOX

b8c97f27-6a38-42ce-8655-fb96a3efd9f3

Tags: Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6401
Started: May 4, 2025, 12:43 p.m.
Completed: May 4, 2025, 12:59 p.m.
Size: 1.1MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: e4af4fa65df7f861b671ca22bab64b45
SHA256: 3a85bdd8b7e6a8c4c148ede1282bd637425f26c362c2458b31f0ed268499f6c3
CRC32: B9DA7DC2
ssdeep: 24576:Q4HgiyW6cRe30ZD/K/GCbSTdinsxX0zk/Hrha:QDVUM1uSSTdisxkQHrha
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .BSS
section .gxfg
section .retplne
section _RDATA
section .cSs
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: b8c97f27-6a38-42ce-8655-fb96a3efd9f3+0x8d2b7
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: b8c97f27-6a38-42ce-8655-fb96a3efd9f3.exe
exception.exception_code: 0xc0000005
exception.offset: 578231
exception.address: 0x13f4bd2b7
Status: 1 / Return: 0 / Repeated: 0
section .text: virtual_address 0x00001000, size_of_data 0x0009cc00, virtual_size 0x0009caa4, entropy 7.056920046433601; description: A section with a high entropy has been found
section .BSS: virtual_address 0x000b6000, size_of_data 0x00001c00, virtual_size 0x00001b85, entropy 7.055392087563425; description: A section with a high entropy has been found
section .cSs: virtual_address 0x000be000, size_of_data 0x0005a800, virtual_size 0x0005a800, entropy 7.999488612495436; description: A section with a high entropy has been found
entropy 0.916283348666; description: Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Lumma.1u!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ghanarava.1746265969b64b45
Skyhigh BehavesLike.Win64.Generic.tc
ALYac Gen:Variant.Midie.164240
Cylance Unsafe
VIPRE Gen:Variant.Midie.164240
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Midie.164240
K7GW Trojan ( 005c52ac1 )
K7AntiVirus Trojan ( 005c52ac1 )
Arcabit Trojan.Midie.D28190
VirIT Trojan.Win32.GenusT.EUOA
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.EZZ
APEX Malicious
Avast Win64:MalwareX-gen [Cryp]
ClamAV Win.Packed.Tedy-10044025-0
Kaspersky Trojan-PSW.Win32.Lumma.iwg
Alibaba TrojanPSW:Win32/Lumma.82a1903c
MicroWorld-eScan Gen:Variant.Midie.164240
Rising Trojan.ShellCodeLoader!1.12B08 (CLASSIC)
Emsisoft Gen:Variant.Midie.164240 (B)
F-Secure Trojan.TR/Kryptik.gfkes
Zillya Trojan.Inject.Win32.352704
TrendMicro Trojan.Win64.AMADEY.YXFDNZ
McAfeeD ti!3A85BDD8B7E6
Trapmine malicious.high.ml.score
CTX exe.trojan.lumma
Sophos Troj/Krypt-AQA
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Lumma.hd
Webroot Win.Trojan.Gen
Google Detected
Avira TR/Kryptik.gfkes
Antiy-AVL Trojan/Win64.Kryptik
Kingsoft malware.kb.a.930
Xcitium Malware@#wvyuqcs4hkq6
Microsoft Trojan:Win64/LummaC.AO!MTB
ZoneAlarm Troj/Krypt-AQA
GData Gen:Variant.Midie.164240
Varist W64/ABTrojan.GPPO-6342
AhnLab-V3 Malware/Win.Lazy.C5748482
McAfee Artemis!E4AF4FA65DF7
DeepInstinct MALICIOUS
VBA32 TrojanPSW.Win64.Lumma
Malwarebytes Crypt.Trojan.MSIL.DDS