Summary | ZeroBOX

Rapidsvn.exe

PE32 PE File
Category FILE
Machine s1_win7_x6401
Started April 28, 2025, 8:57 a.m.
Completed April 28, 2025, 8:59 a.m.
Size 7.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cb4d862a16e2d83e834fc28bcfce2166
SHA256 d0d387a7c32bfae33589ae9d1de850e39fede187e6f01182e5837a73cfd0c6d3
CRC32 E9F3817E
ssdeep 196608:jkOx63UjHwlGIYMvkGDnKaefzIZ5noloSba0FuFg4LdG:jxUhbYMvkSnKb8j0Fu+V
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
resource name BINARY
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
_AddEmp@4-0x1b rapidsvn+0x4f305 @ 0xfff305
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00
exception.symbol: GetStartupInfoA-0x10e00 kernel32+0x0
exception.instruction: dec ebp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 0
exception.address: 0x755b0000
registers.esp: 4390200
registers.edi: 1968898048
registers.eax: 0
registers.ebp: 4390356
registers.edx: 0
registers.ebx: 1359
registers.esi: 1359
registers.ecx: 256
1 0 0
section .data size_of_data 0x00059000 virtual_address 0x00051000 virtual_size 0x00059159 entropy 7.999038077890786 description A section with a high entropy has been found
section .rsrc size_of_data 0x00735600 virtual_address 0x000ac000 virtual_size 0x00735418 entropy 7.985724845397448 description A section with a high entropy has been found
section .reloc size_of_data 0x0000c400 virtual_address 0x007e2000 virtual_size 0x0000c38c entropy 6.840634227322346 description A section with a high entropy has been found
entropy 0.960999691453 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Cynet Malicious (score: 100)
ALYac Gen:Variant.Fragtor.841546
Cylance Unsafe
VIPRE Gen:Variant.Fragtor.841546
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Gen:Variant.Fragtor.841546
Arcabit Trojan.Fragtor.DCD74A
VirIT Trojan.Win32.GenHeur.C
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/GenKryptik.HIOA
APEX Malicious
Avast MalwareX-gen [Drp]
MicroWorld-eScan Gen:Variant.Fragtor.841546
Rising Spyware.Ursnif!8.1DEF (TFE:2:8Xnv1BIju5M)
Emsisoft Gen:Variant.Fragtor.841546 (B)
Trapmine malicious.high.ml.score
CTX exe.unknown.fragtor
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Fragtor.841546
DeepInstinct MALICIOUS
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9Z
huorong HVM:VirTool/Obfuscator.gen!A
AVG MalwareX-gen [Drp]