Summary | ZeroBOX

Zw3tA4m.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started May 6, 2025, 9:33 p.m.
Completed May 6, 2025, 9:37 p.m.
Size 926.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 07042a173d5803669520714294e17226
SHA256 4e9ccef0ba71db493d684ebe1adfea22f95265cb686fff5f85be694aa66e0b61
CRC32 AA59EC54
ssdeep 24576:9no9eS8cpPajzgvVesfn1YUVDgvVesfn1YUV:5SLSUVLtYgkVLtYg
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .OLM
section .gxfg
section .retplne
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
zw3ta4m+0x32d57 @ 0x13f112d57
zw3ta4m+0x59a7 @ 0x13f0e59a7
zw3ta4m+0x2a7a3 @ 0x13f10a7a3
zw3ta4m+0x314fe @ 0x13f1114fe
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: zw3ta4m+0x32d57
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: Zw3tA4m.exe
exception.exception_code: 0xc0000005
exception.offset: 208215
exception.address: 0x13f112d57
registers.r14: 0
registers.r15: 0
registers.rcx: 110
registers.rsi: 0
registers.r10: -72340172838076673
registers.rbx: 0
registers.rsp: 6159840
registers.r11: -9187201950435737472
registers.r8: 0
registers.r9: 2266862613
registers.rdx: 5353156072
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
Status 1 Return 0 Repeated 0
section .text: size_of_data 0x00042400, virtual_address 0x00001000, virtual_size 0x000422ca, entropy 6.906865489791196. Description: A section with a high entropy has been found
section .bss: size_of_data 0x00047e00, virtual_address 0x0005d000, virtual_size 0x00047e00, entropy 7.999385710319765. Description: A section with a high entropy has been found
section .bss: size_of_data 0x00047e00, virtual_address 0x000a5000, virtual_size 0x00047e00, entropy 7.999385710319765. Description: A section with a high entropy has been found
entropy 0.918534718425. Description: Overall entropy of this PE file is high
Bkav: W64.AIDetectMalware
Cynet: Malicious (score: 99)
CAT-QuickHeal: Trojan.Ghanarava.1746480027e17226
Skyhigh: BehavesLike.Win64.VirusWinExpiro.dc
ALYac: Gen:Variant.Lazy.679694
Cylance: Unsafe
VIPRE: Gen:Variant.Lazy.679694
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Lazy.679694
K7GW: Trojan ( 005c659e1 )
K7AntiVirus: Trojan ( 005c659e1 )
Arcabit: Trojan.Lazy.DA5F0E
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win64/Kryptik.FBO
Avast: Win64:MalwareX-gen [Cryp]
Kaspersky: Trojan-Spy.Win32.Noon.bldz
MicroWorld-eScan: Gen:Variant.Lazy.679694
Rising: Stealer.Lumma!8.177F6 (TFE:5:uvQnZKLKhyR)
Emsisoft: Gen:Variant.Lazy.679694 (B)
F-Secure: Trojan.TR/Kryptik.clgmi
McAfeeD: ti!4E9CCEF0BA71
CTX: exe.trojan.kryptik
Sophos: Mal/Generic-S
Webroot: Win.Trojan.Lummastealer
Google: Detected
Avira: TR/Kryptik.clgmi
Antiy-AVL: GrayWare/Win32.Wacapew
Kingsoft: malware.kb.a.980
Gridinsoft: Trojan.Win64.Kryptik.sa
Microsoft: Trojan:Win32/FormBook!rfn
GData: Gen:Variant.Lazy.679694
Varist: W64/Agent.LCQ.gen!Eldorado
AhnLab-V3: Trojan/Win.Kryptik.R703486
McAfee: Artemis!07042A173D58
DeepInstinct: MALICIOUS
Malwarebytes: Trojan.FakeMS
Ikarus: Win32.Outbreak
TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9Z
huorong: HEUR:Trojan/Agent.dc
Fortinet: W64/GenKryptik.NQ!tr
AVG: Win64:MalwareX-gen [Cryp]
alibabacloud: Trojan[stealer]:Win/Convagent.gyf