Summary | ZeroBOX

filename.exe

Category: FILE
Machine: s1_win7_x6402
Started: April 12, 2021, 2:33 p.m.
Completed: April 12, 2021, 2:35 p.m.
Size: 553.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7b8cec428653a5a825830748cd6426a7
SHA256: f60284a15a48a371bae8ac4adc43cddfdb79e6150ce03f620d0cce8aec441159
CRC32: 7A302347
ssdeep: 12288:NoEdDUokeYkljLEuTwVvSrLTQ3IAkzounyvWGNQaUTlvEhtCgD:NfqwjLEuToKxoTWGNQhZCD
Yara
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts contacted
IP Address      Status   Action
172.217.25.14   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vadunac
section .guli
section .new
resource name None
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 7388
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 327680
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x002bc000
  process_handle: 0xffffffff
  Status: 1, Return: 0, Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 7388
  region_size: 593920
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x05650000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status: 1, Return: 0, Repeated: 0
section .text (size_of_data 0x00078a00, virtual_address 0x00001000, virtual_size 0x0007896f, entropy 7.78384354057) description: A section with a high entropy has been found
entropy 0.874094202899 description: Overall entropy of this PE file is high
host 172.217.25.14
Antivirus             Result
Bkav                  W32.AIDetect.malware1
Elastic               malicious (high confidence)
FireEye               Generic.mg.7b8cec428653a5a8
McAfee                GenericRXAA-FA!7B8CEC428653
Cylance               Unsafe
Sangfor               Trojan.Win32.Save.a
K7GW                  Riskware ( 800800801 )
Cybereason            malicious.2a5f62
Symantec              ML.Attribute.HighConfidence
APEX                  Malicious
Sophos                ML/PE-A
McAfee-GW-Edition     BehavesLike.Win32.Generic.hc
Ikarus                Trojan.Win32.Crypt
Microsoft             Trojan:Win32/Wacatac.B!ml
Cynet                 Malicious (score: 100)
Acronis               suspicious
BitDefenderTheta      Gen:NN.ZexaF.34670.ICW@aOcffUcG
Malwarebytes          Trojan.Agent.UKED
Rising                Malware.Heuristic!ET#80% (RDMK:cmRtazpdK5JCOsoOlNzlRFh5NIpG)
SentinelOne           Static AI - Malicious PE
Fortinet              W32/GenKryptik.FDXJ!tr
CrowdStrike           win/malicious_confidence_80% (D)
Qihoo-360             HEUR/QVM10.1.8769.Malware.Gen