Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	March 23, 2021, 5:54 p.m.	March 23, 2021, 5:58 p.m.

Size	32.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`76ca2bd487ce34419aeb0707ab79c686`
SHA256	`bca81c611dc8f8505de5cab900d0c1460a9929187e0b1359807d0c869bbf2a66`
CRC32	`28A2AFA8`
ssdeep	`768:FrqQ7AmV3rjBkyo1bGk/8K9hWkiwtwTxC+YASD+30UYlyKQAth:F33k6Z3JFCnAmD++`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check ImportTableIsBad - ImportTable Check FASM - http://flatassembler.net

14111.txt "C:\Users\test22\AppData\Local\Temp\14111.txt"
2952

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00008000', u'virtual_address': u'0x00001000', u'entropy': 7.7032107615514525, u'name': u'.text', u'virtual_size': u'0x00007ebf'}

entropy

7.70321076155

description

A section with a high entropy has been found

entropy

1.0

description

Overall entropy of this PE file is high

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ser.Razy.7042
FireEye	Generic.mg.76ca2bd487ce3441
CAT-QuickHeal	Trojan.Generic
ALYac	Trojan.Agent.Dofoil
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005778b31 )
Alibaba	Trojan:Win32/Smokeloader.16c8c3c4
K7GW	Trojan ( 005778b31 )
Cybereason	malicious.487ce3
Cyren	W32/Dofoil.H.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Razy-7588195-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Ser.Razy.7042
NANO-Antivirus	Trojan.Win32.Zurgop.fednlb
Paloalto	generic.ml
AegisLab	Trojan.Win32.Zurgop.4!c
Tencent	Win32.Trojan.Generic.Ajly
Ad-Aware	Gen:Variant.Ser.Razy.7042
Sophos	ML/PE-A + Mal/Behav-204
DrWeb	Trojan.PWS.Spy.21017
VIPRE	Trojan.Win32.Winwebsec.m (v)
TrendMicro	Trojan.Win32.ZURGOP.SM
McAfee-GW-Edition	BehavesLike.Win32.VirRansom.nc
Emsisoft	Trojan-Downloader.Zurgop (A)
Ikarus	Trojan-Downloader.Win32.Dofoil
Jiangmin	Trojan.Generic.cgmcl
Avira	TR/Crypt.XPACK.Gen
Gridinsoft	Trojan.Win32.Downloader.sa
Microsoft	TrojanDownloader:Win32/Dofoil.AD
ViRobot	Trojan.Win32.Z.Zurgop.33280.BU
GData	Gen:Variant.Ser.Razy.7042
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Dofoil.R223509
Acronis	suspicious
McAfee	GenericRXGK-YC!76CA2BD487CE
MAX	malware (ai score=83)
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.Agent
ESET-NOD32	a variant of Win32/Smokeloader.J
TrendMicro-HouseCall	Trojan.Win32.ZURGOP.SM
Rising	Downloader.Zurgop!8.4BB (CLOUD)
Yandex	Trojan.Agent!QHrJybMuK6s
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_100%

14111.txt

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All