Summary | ZeroBOX

getfp.exe

Category FILE
Machine s1_win7_x6401
Started April 23, 2021, 6:13 p.m.
Completed April 23, 2021, 6:40 p.m.
Size 753.5KB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 941b755a404a616a55ea57ff4dbfe184
SHA256 9afabdf762ea2e412019ce0f6004f7fe1c948f2b36e1aab347e623fedd5ef440
CRC32 A488504D
ssdeep 12288:73lWfpsC7DCRQ5vy7FAUqFrnCg0g5twEPoW+NFBTEC3cKwu7AyKCYmQ4TNkw+ZmV:bl6pLnkLqdCfdEPoW+1J5wcAuZNT2/D5
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsConsole - (no description)
  • IsPacked - Entropy Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: WriteConsoleW
Arguments:
  buffer: 2021/04/23 18:13:44 couldn't read config: couldn't get servers: The system cannot find the file specified.
  console_handle: 0x0000000b
Status 1
Return 1
Repeated 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (size_of_data 0x000bc200, virtual_address 0x00128000, virtual_size 0x000bd000, entropy 7.8758690026524265) entropy 7.87586900265 description A section with a high entropy has been found
entropy 0.999335989376 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Time & API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x0018fe3d
  function_name: wine_get_version
  module: ntdll
  module_address: 0x773a0000
Return 3221225785
Repeated 0
Elastic malicious (high confidence)
DrWeb Trojan.SpyBot.981
MicroWorld-eScan Trojan.GenericKD.45870039
FireEye Trojan.GenericKD.45870039
CAT-QuickHeal Trojan.Glupteba
ALYac Trojan.GenericKD.45870039
Cylance Unsafe
Zillya Trojan.Convagent.Win32.2448
Sangfor Trojan.Win32.Glupteba.ml
K7AntiVirus Trojan ( 005772141 )
Alibaba Trojan:Win32/RanumBot.8e309ee6
K7GW Trojan ( 005772141 )
Cybereason malicious.a404a6
ESET-NOD32 a variant of WinGo/RanumBot.X
APEX Malicious
Avast Win32:Trojan-gen
BitDefender Trojan.GenericKD.45870039
NANO-Antivirus Trojan.Win32.SpyBot.imajnj
ViRobot Trojan.Win32.Z.Spybot.771584
Tencent Win32.Trojan.Ursu.Hqlf
Ad-Aware Trojan.GenericKD.45870039
Emsisoft Trojan.GenericKD.45870039 (B)
Comodo Malware@#1dfd84iay1a37
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.GLUPTEBA.USMANBJ21
Sophos Mal/Generic-S
Ikarus Trojan.WinGo.Ranumbot
Cyren W32/Trojan.NAGC-8150
Jiangmin Trojan.Agent.dfzw
Webroot W32.Trojan.Gen
Avira TR/SpyBot.wtjrf
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.RanumBot.ns
Arcabit Trojan.Generic.D2BBEBD7
AegisLab Trojan.Win32.Zbot.lqDR
Microsoft Trojan:Win32/Glupteba!ml
Cynet Malicious (score: 100)
McAfee GenericRXAA-FA!941B755A404A
MAX malware (ai score=81)
VBA32 TrojanSpyBot
Malwarebytes Trojan.Glupteba
TrendMicro-HouseCall TrojanSpy.Win32.GLUPTEBA.USMANBJ21
Rising Trojan.RanumBot!8.112AC (CLOUD)
Yandex Trojan.Igent.bVFHoD.47
MaxSecure Trojan.Malware.115193403.susgen
Fortinet W32/RanumBot.X!tr
AVG Win32:Trojan-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)