Summary | ZeroBOX

m80.dll

Category FILE
Machine s1_win7_x6402
Started March 16, 2021, 12:12 p.m.
Completed March 16, 2021, 12:12 p.m.
Size 346.5KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fcf94dfc58e09cace2777ad5e49e1dbc
SHA256 f63b169e6589d2403bf32cca047ead493f0fb6490250366dbdff4b72384765b5
CRC32 A63CE4F8
ssdeep 6144:bOIWW/GElfb6Nm+k+fWnYz7BHZiRCn9wzlZ0x:bOIvNfONXfyYzNZu49Yy
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .rdata (virtual_address 0x00001000, virtual_size 0x00033000, size_of_data 0x00033000) entropy 7.995609195801723 description A section with a high entropy has been found
entropy 0.590448625181 description Overall entropy of this PE file is high
MicroWorld-eScan Trojan.GenericKD.45781014
FireEye Generic.mg.fcf94dfc58e09cac
CAT-QuickHeal Trojan.Trickpak
McAfee RDN/TrickBot
Cylance Unsafe
Sangfor Trojan.Win32.Trickpak.do
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Trickpak.e181b4ba
K7GW Trojan ( 005785ae1 )
K7AntiVirus Trojan ( 005785ae1 )
BitDefenderTheta Gen:NN.ZedlaF.34608.vu4@aW7PAmi
Cyren W32/Trojan.YFLG-6079
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Trickpak.do
BitDefender Trojan.GenericKD.45781014
NANO-Antivirus Trojan.Win32.Trickpak.inmjrr
Avast Win32:BankerX-gen [Trj]
Tencent Win32.Trojan.Trickpak.Eill
Ad-Aware Trojan.GenericKD.45781014
Sophos ML/PE-A
Comodo Malware@#17gck4vicjhb2
DrWeb Trojan.KillProc2.15167
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0DBS21
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Emsisoft Trojan.GenericKD.45781014 (B)
Ikarus Trojan.Win32.Krypt
ESET-NOD32 a variant of Win32/Kryptik.HJQZ
Avira TR/AD.TrickBot.vgsvr
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:Win32/TrickBot.DM!MTB
ViRobot Trojan.Win32.Z.Agent.354816.HD
GData Trojan.GenericKD.45781014
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4347287
VBA32 Trojan.Trickpak
ALYac Backdoor.Agent.Trickbot
MAX malware (ai score=82)
Malwarebytes Trojan.TrickBot
TrendMicro-HouseCall TROJ_GEN.R066C0DBS21
Rising Trojan.Trickpak!8.122C7 (CLOUD)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.115353901.susgen
Fortinet PossibleThreat.MU
AVG Win32:BankerX-gen [Trj]
Panda Trj/GdSda.A
Qihoo-360 Win32/Heur.Generic.Hx4CgxsA