Summary | ZeroBOX

phantom.exe

Category FILE
Machine s1_win7_x6402
Started April 5, 2021, 1:22 p.m.
Completed April 5, 2021, 1:25 p.m.
Size 558.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c7845e1fc375b2edb666c547c83fb76e
SHA256 f72a2fd77ccffec0e2c9bf4570895a48942135778325d52ca2996f54d26a45c3
CRC32 75ED84A1
ssdeep 12288:+mMFa2DRucv5S7xdHpp2wmZEM1AU12E61K9NQFeZvk6L:Dca2DGnTO2E61kNQOvk6
Yara
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
172.217.25.14 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section name: .new
resource name: AFX_DIALOG_LAYOUT
resource name: None
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory

process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 327680
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0195a000
process_handle: 0xffffffff
Status 1 / Return 0 / Repeated 0

NtAllocateVirtualMemory

process_identifier: 4564
region_size: 593920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x017d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 / Return 0 / Repeated 0
section .text: size_of_data 0x00078600, virtual_address 0x00001000, virtual_size 0x00078437, entropy 7.782013558566184; description: A section with a high entropy has been found
entropy 0.864452423698; description: Overall entropy of this PE file is high
host 172.217.25.14