Summary | ZeroBOX

Ra.exe

Category: FILE
Machine: s1_win7_x6401
Started: April 23, 2021, 10:04 a.m.
Completed: April 23, 2021, 10:07 a.m.

Size: 553.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 01b6e74634db81acecadb5fcc20932e9
SHA256: c09c016cd3f44ec4e0c4101dace8fb230871149f9cdc682e511af43fd73ef686
CRC32: 3FC8E1B7
ssdeep: 12288:t4qJTkwKaUHsBYBAoFQubXlwO69+rVtZ55k4y7rw:tzTkw5UMB6AS1XGB9+bZ55k9A
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • win_files_operation - Affect private profile
  • Library_Malware_Zero - Library Malware

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address      Status   Action
164.124.101.2   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Sections with non-standard names:
  • .fij
  • .dahal
  • .new
Resource name: None
API calls (Time / API / Arguments / Status / Return / Repeated; the Time column is empty in the report)

NtProtectVirtualMemory
  process_identifier: 1116
  process_handle: 0xffffffff (NtCurrentProcess pseudo-handle: the sample re-protects memory in its own process)
  base_address: 0x002da000
  length: 327680 (0x50000)
  protection: 64 (PAGE_EXECUTE_READWRITE)
  heap_dep_bypass: 1
  stack_dep_bypass: 0
  stack_pivoted: 0
  Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1116
  process_handle: 0xffffffff (NtCurrentProcess pseudo-handle)
  base_address: 0x005d0000
  region_size: 593920 (0x91000)
  allocation_type: 4096 (MEM_COMMIT)
  protection: 64 (PAGE_EXECUTE_READWRITE)
  heap_dep_bypass: 0
  stack_dep_bypass: 0
  stack_pivoted: 0
  Status: 1  Return: 0  Repeated: 0

Both calls succeed and give the sample's own process writable-and-executable memory: a 0x50000-byte region is re-protected to RWX (with the monitor flagging heap_dep_bypass, i.e. heap memory becoming executable) and a fresh 0x91000-byte RWX region is committed. This is the memory pattern of in-process unpacking of an embedded payload and fits the IsPacked Yara hit and the high-entropy .text section below.
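The triage a practitioner would run over these two rows, as an added example rather than ZeroBOX or Cuckoo code: the records are constructed from the values in the report (plus one benign PAGE_READWRITE commit added for contrast), and the rule flags RWX memory that is committed or re-protected, raising severity when the call targets another process, makes heap memory executable, or shows a stack anomaly. The severity labels and field names are this example's own choices.

```python
# Added example: triage of memory-protection API rows of the kind shown above.
# Not ZeroBOX/Cuckoo code; records below are constructed from the report.
from dataclasses import dataclass

PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40          # "protection: 64" in the report
MEM_COMMIT = 0x1000                    # "allocation_type: 4096"
CURRENT_PROCESS = 0xFFFFFFFF           # NtCurrentProcess() pseudo-handle on 32-bit Windows

# Constructed records mirroring the report's two rows, plus a benign contrast row.
CALLS = [
    {"api": "NtProtectVirtualMemory", "process_identifier": 1116,
     "process_handle": 0xFFFFFFFF, "base_address": 0x002DA000, "length": 327680,
     "protection": 0x40, "heap_dep_bypass": 1, "stack_dep_bypass": 0, "stack_pivoted": 0},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1116,
     "process_handle": 0xFFFFFFFF, "base_address": 0x005D0000, "region_size": 593920,
     "protection": 0x40, "allocation_type": 0x1000,
     "heap_dep_bypass": 0, "stack_dep_bypass": 0, "stack_pivoted": 0},
    # benign contrast (constructed): an ordinary read/write commit, not flagged
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1116,
     "process_handle": 0xFFFFFFFF, "base_address": 0x00700000, "region_size": 65536,
     "protection": 0x04, "allocation_type": 0x1000,
     "heap_dep_bypass": 0, "stack_dep_bypass": 0, "stack_pivoted": 0},
]


@dataclass
class Finding:
    api: str
    pid: int
    base: int
    size: int
    reason: str
    severity: str


def triage_rwx(calls):
    """Return (findings, total_rwx_bytes) for RWX commits and RWX re-protections."""
    findings, total = [], 0
    for c in calls:
        if c["protection"] != PAGE_EXECUTE_READWRITE:
            continue                                   # only RWX memory is of interest here
        if c["api"] == "NtAllocateVirtualMemory" and c["allocation_type"] & MEM_COMMIT:
            size, reason = c["region_size"], "fresh RWX commit"
        elif c["api"] == "NtProtectVirtualMemory":
            size, reason = c["length"], "existing region re-protected to RWX"
        else:
            continue
        severity = "medium"
        if c["process_handle"] != CURRENT_PROCESS:     # not the self pseudo-handle
            reason += "; target is another process (injection)"
            severity = "high"
        if c.get("heap_dep_bypass"):
            reason += "; heap memory made executable"
            severity = "high"
        if c.get("stack_pivoted") or c.get("stack_dep_bypass"):
            reason += "; stack anomaly"
            severity = "high"
        total += size
        findings.append(Finding(c["api"], c["process_identifier"],
                                c["base_address"], size, reason, severity))
    return findings, total


if __name__ == "__main__":
    found, rwx_bytes = triage_rwx(CALLS)
    for f in found:
        print(f"{f.severity:6} pid={f.pid} {f.api} base=0x{f.base:08x} "
              f"size=0x{f.size:x}: {f.reason}")
    print(f"total RWX bytes: {rwx_bytes} (0x{rwx_bytes:x})")
```

Run against the report's rows the rule yields two findings and 0xe1000 bytes of RWX memory in total; the benign PAGE_READWRITE commit is ignored, which is the point of keying on the protection constant rather than on the API name alone.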
section .text: virtual_address 0x00001000, virtual_size 0x0007865d, size_of_data 0x00078800, entropy 7.7756 (of a maximum of 8 bits per byte): A section with a high entropy has been found
entropy 0.8724: Overall entropy of this PE file is high. This second figure is not a bits-per-byte value but the share of the file's section data that sits in high-entropy sections: .text alone is 0x78800 = 493,568 bytes, about 87% of the 553.5KB file, so nearly the whole executable is compressed or encrypted data, consistent with the IsPacked Yara hit and the non-standard section names.
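How the two entropy marks above are derived, as an added example that is not ZeroBOX or Cuckoo code: per-section Shannon entropy in bits per byte, and an overall ratio of high-entropy section bytes to all section bytes. The 6.8-bit section cut-off and the 20% ratio cut-off are assumptions, not values the report states; the section table is constructed so that .text carries the report's size and entropy while the sizes and entropies of .fij, .dahal and .new are invented to make the section data total 565,760 bytes (the 553.5KB file less a 1KB header, also an assumption).

```python
# Added example (not sandbox code): section entropy and overall packed-data ratio.
import math
import random
from collections import Counter

SECTION_ENTROPY_THRESHOLD = 6.8   # assumed per-section cut-off, bits per byte
COMPRESSED_RATIO_THRESHOLD = 0.2  # assumed cut-off for the overall ratio


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`: 8.0 for uniformly random bytes, 0.0 for a constant."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((k / n) * math.log2(k / n) for k in Counter(data).values())


def packer_entropy(sections):
    """sections: iterable of {"name", "size_of_data", "entropy"} records.
    Returns (names of high-entropy sections, compressed ratio, overall-high flag)."""
    total = sum(s["size_of_data"] for s in sections)
    flagged = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    compressed = sum(s["size_of_data"] for s in flagged)
    ratio = compressed / total if total else 0.0
    return [s["name"] for s in flagged], ratio, ratio > COMPRESSED_RATIO_THRESHOLD


# Constructed section table: .text from the report, the other three invented
# (assumption) so that section data sums to 565,760 bytes.
SECTIONS = [
    {"name": ".text",  "size_of_data": 0x78800, "entropy": 7.7756},
    {"name": ".fij",   "size_of_data": 0x10000, "entropy": 5.9},
    {"name": ".dahal", "size_of_data": 0x01800, "entropy": 4.2},
    {"name": ".new",   "size_of_data": 0x00200, "entropy": 2.1},
]


def entropy_demo():
    """Entropy of three constructed buffers: packed-looking, x86-code-like, constant."""
    rng = random.Random(1)                                   # deterministic sample
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    code_like = b"\x8b\x45\x08\x89\xec\x5d\xc3\x00\x55\x89\xe5" * 400  # repeated x86 bytes
    constant = b"\x00" * 4096
    return {name: round(shannon_entropy(buf), 2)
            for name, buf in (("packed", packed), ("code_like", code_like),
                              ("constant", constant))}


if __name__ == "__main__":
    names, ratio, high = packer_entropy(SECTIONS)
    print(f"high-entropy sections: {names}, ratio {ratio:.4f}, overall high: {high}")
    for name, bits in entropy_demo().items():
        print(f"{name:10} {bits:.2f} bits/byte")
```

With these inputs only .text crosses the section threshold and the ratio comes out at 0.8724, the same figure the report prints, which is why an "overall entropy" of 0.87 should be read as "87% of the section bytes are high-entropy" rather than as a bits-per-byte measurement. Real compiled code sits well below the cut-off (the repeated x86 byte pattern scores about 3.3 bits), so a .text section at 7.78 bits is the strongest single packing indicator on the page.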