Summary | ZeroBOX

dubi.exe

Category FILE
Machine s1_win7_x3201
Started April 10, 2021, 9:01 a.m.
Completed April 10, 2021, 9:04 a.m.
Size 766.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7d828df10c7f01c56773e98a6a88d5a8
SHA256 078741f43087dba0c7be612a212710c83c602d28a6a64a40581ca1df90820101
CRC32 82B8B033
ssdeep 12288:Vo6MTH47YMZvW5pGyPBY58/iTkMRYBwEtvHXBGonoPPBuki9HcJFJagem+Whrk4r:Is7/tW5L+58qUBxxG7i98fMcdk4+S
Yara
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

PE sections: .kefo, .zokohef, .new
Resource name: None
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
Arguments:
  process_identifier: 2244
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 593920
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x01860000
  process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0

NtAllocateVirtualMemory
Arguments:
  process_identifier: 2244
  region_size: 1155072
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x019c0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0
Section .text: virtual_address 0x00001000, virtual_size 0x000b299a, size_of_data 0x000b2a00, entropy 7.919950016115085
  Description: A section with a high entropy has been found
Overall entropy: 0.933376877858
  Description: Overall entropy of this PE file is high
Antivirus results (Vendor / Result)
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
McAfee Packed-GBF!7D828DF10C7F
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
ESET-NOD32 a variant of Win32/GenKryptik.FDVZ
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan-Ransom.Win32.Stop.gen
Avast Win32:DropperX-gen [Drp]
Tencent Win32.Trojan.Raas.Auto
Sophos ML/PE-A
McAfee-GW-Edition BehavesLike.Win32.Generic.bc
FireEye Generic.mg.7d828df10c7f01c5
Ikarus Trojan.Crypt
Webroot W32.Malware.Gen
AegisLab Trojan.Win32.Mokes.m!c
Microsoft Trojan:Win32/Ranumbot.RF!MTB
Acronis suspicious
VBA32 BScope.Trojan.Wacatac
Malwarebytes Trojan.MalPack.GS
Rising Trojan.Kryptik!1.D4B0 (CLOUD)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HKIW!tr
BitDefenderTheta Gen:NN.ZexaF.34670.VCW@am!0Lwic
AVG Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 HEUR/QVM10.1.7A9B.Malware.Gen