Summary | ZeroBOX

ret4.exe

Category FILE
Machine s1_win7_x6401
Started April 2, 2021, 10:20 a.m.
Completed April 2, 2021, 10:20 a.m.
Size 363.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 9b224a8a1e6e5897e47fee0eb1e21766
SHA256 33eab464bca9b39b6c4457cf44320e2e70363a3581bd9b81bca93bca0c63e5d4
CRC32 F4955DE1
ssdeep 6144:vhzyPKlU/jriw3TS6WcziGK4TXj0XF9jywcY/CB/EhNZ:5OCqGDGK4TzIyA/s/EhNZ
PDB Path k:\async-socket-win32-demo\x64\Release\AsyncSocket.pdb
Yara
  • PE_Header_Zero - PE File Signature Zero
  • network_dns - Communications use DNS
  • win_files_operation - Affect private profile

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path k:\async-socket-win32-demo\x64\Release\AsyncSocket.pdb
Elastic malicious (high confidence)
McAfee Artemis!9B224A8A1E6E
Paloalto generic.ml
McAfee-GW-Edition BehavesLike.Win64.Virut.fc
FireEye Generic.mg.9b224a8a1e6e5897
Kingsoft Win32.Troj.Undef.(kcloud)
GData Win64.Trojan.Kryptik.4OCJW4
Cynet Malicious (score: 90)
Rising Malware.Undefined!8.C (CLOUD)
section name .rsrc, size_of_data 0x00039e00, virtual_address 0x00026000, virtual_size 0x00039d38, entropy 7.609701455665436 description A section with a high entropy has been found
entropy 0.639502762431 description Overall entropy of this PE file is high