Summary | ZeroBOX

e9S

PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 24, 2021, 10:50 p.m.
Completed June 25, 2021, 12:07 a.m.
Size 8.6MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 045cd8a6189dd15ad2b8e394f19b32f6
SHA256 702939d19fe783284ba1e80a33490caf3623a248a6de5c933a34bca17d01f5b8
CRC32 F590438A
ssdeep 196608:R1p0qUlrB8q6W1QmXZTkFkUpmKtX4vGoO85zxkGrs:Rf0ZlsuNZW2vw8Jps
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
resource name UNICODEDATA
resource name VCLSTYLE
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x728a2000
process_handle: 0xffffffff
Status 1, Return 0, Repeated 0

NtAllocateVirtualMemory

process_identifier: 1296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03730000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1, Return 0, Repeated 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 13717254144
root_path: C:\
total_number_of_bytes: 34252779520
Status 1, Return 1, Repeated 0
section UPX1 size_of_data 0x00876200 virtual_address 0x01126000 virtual_size 0x00877000 entropy 7.933549056900632 description A section with a high entropy has been found
entropy 0.985666344349 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX