Summary | ZeroBOX

49ea147d81571f44dd43ff4abb3792d722d8394ae48fc95c1a704400f2edcd3a

Category   FILE
Machine    s1_win7_x6401
Started    March 12, 2021, 10 p.m.
Completed  March 12, 2021, 10:01 p.m.
Size       166.0KB
Type       PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5        b774f72c1f50fa5594c027e42eb167b7
SHA256     49ea147d81571f44dd43ff4abb3792d722d8394ae48fc95c1a704400f2edcd3a
CRC32      12673C1B
ssdeep     3072:JLFrb30BRtBZZg+i2ayyYOCWGPyLydrkxMT3Q93h4yycU3h:NJ0BXScFyfC3Hd4yg7TA
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .41hfa
Section  Virtual address  Virtual size  Size of data  Entropy             Description
.text    0x00001000       0x00017974    0x00017a00    7.6381976294039235  A section with a high entropy has been found
.rdata   0x00019000       0x00002b74    0x00002c00    7.899122488529284   A section with a high entropy has been found
.data    0x0001c000       0x00001f90    0x00001e00    7.414423746817301   A section with a high entropy has been found
Overall entropy  0.684848484848  Overall entropy of this PE file is high
Antivirus          Result
Bkav               W32.AIDetect.malware1
Elastic            malicious (high confidence)
MicroWorld-eScan   DeepScan:Generic.Ransom.Sodinokibi.AD18CDB6
FireEye            Generic.mg.b774f72c1f50fa55
McAfee             Sodinokibi!B774F72C1F50
Cylance            Unsafe
Zillya             Trojan.Encoder.Win32.1410
Sangfor            Trojan.Win32.Save.a
CrowdStrike        win/malicious_confidence_100% (W)
Alibaba            Ransom:Win32/Revil.af3b0960
K7GW               Trojan ( 0054d99c1 )
K7AntiVirus        Trojan ( 0054d99c1 )
Arcabit            DeepScan:Generic.Ransom.Sodinokibi.AD18CDB6
Cyren              W32/Kryptik.AKW.gen!Eldorado
Symantec           Trojan Horse
APEX               Malicious
Avast              Win32:Malware-gen
ClamAV             Win.Ransomware.Sodinokibi-7013612-0
Kaspersky          HEUR:Trojan-Ransom.Win32.Sodin.vho
BitDefender        DeepScan:Generic.Ransom.Sodinokibi.AD18CDB6
NANO-Antivirus     Virus.Win32.Gen.ccmw
Paloalto           generic.ml
AegisLab           Trojan.Win32.Encoder.j!c
Tencent            Malware.Win32.Gencirc.10b8f30e
Ad-Aware           DeepScan:Generic.Ransom.Sodinokibi.AD18CDB6
Sophos             Mal/Generic-S + Troj/Sodino-BU
Comodo             Malware@#2axg5bwv7p78a
F-Secure           Trojan.TR/Crypt.XPACK.Gen
DrWeb              Trojan.Encoder.28004
VIPRE              Trojan.Win32.Generic!BT
TrendMicro         Ransom.Win32.SODINOKIBI.SMTH
McAfee-GW-Edition  BehavesLike.Win32.Generic.cc
Emsisoft           DeepScan:Generic.Ransom.Sodinokibi.AD18CDB6 (B)
SentinelOne        Static AI - Malicious PE
Jiangmin           Trojan.Gen.aqf
Avira              TR/Crypt.XPACK.Gen
MAX                malware (ai score=100)
Antiy-AVL          Trojan[Ransom]/Win32.Gen
Kingsoft           Win32.Troj.Undef.(kcloud)
Gridinsoft         Ransom.Win32.Ransom.oa!s1
Microsoft          Ransom:Win32/Revil.SI!MTB
ZoneAlarm          HEUR:Trojan-Ransom.Win32.Sodin.vho
GData              DeepScan:Generic.Ransom.Sodinokibi.AD18CDB6
Cynet              Malicious (score: 100)
AhnLab-V3          Trojan/Win32.BlueCrab.R331768
BitDefenderTheta   AI:Packer.1A80B2361D
ALYac              Trojan.Ransom.Sodinokibi
TACHYON            Ransom/W32.Sodinokibi.169984
VBA32              BScope.Trojan.DelShad
Malwarebytes       Sodinokibi.Ransom.Encrypt.DDS