Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 24, 2021, 7:30 p.m.	June 24, 2021, 8:04 p.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8aa62ed37255b651a55ede3bad34e4f8`
SHA256	`3f11bad14437faae83c0acab00f66cd04e85a61b53c309d63e7aeeb7aed63755`
CRC32	`CD17CA81`
ssdeep	`24576:uAHnh+eWsN3skA4RV1Hom2KXMmHaKva9h7yFVgfHic9skg5:Zh+ZkldoPK8YaKvaPqV8H3s5`
Yara	PE_Header_Zero - PE File Signature CryptGenKey_Zero - CryptGenKey Zero OS_Processor_Check_Zero - OS Processor Check Device_Check_Zero - Device Check Zero IsPE32 - (no description) FindFirstVolume_Zero - FindFirstVolume Zero Process_Snapshot_Kill_Zero - Process Kill Zero

chaosgroup.v-ray.4.00.02.sketchup.activate.2015-2019.exe "C:\Users\test22\AppData\Local\Temp\chaosgroup.v-ray.4.00.02.sketchup.activate.2015-2019.exe"
812

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 24, 2021, 7:30 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 24, 2021, 7:30 p.m.		1	1	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 24, 2021, 7:30 p.m.	process_identifier: 812 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0005f000', u'virtual_address': u'0x000c8000', u'entropy': 7.901331413938724, u'name': u'.rsrc', u'virtual_size': u'0x0005ef50'}

entropy

7.90133141394

description

A section with a high entropy has been found

entropy

0.31973075305

description

Overall entropy of this PE file is high

host

172.217.25.14

chaosgroup.v-ray.4.00.02.sketchup.activate.2015-2019.exe