Summary | ZeroBOX

9.83B.exe

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started June 25, 2021, 10 a.m.
Completed June 25, 2021, 10:56 a.m.
Size 2.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, RAR self-extracting archive
MD5 358b9c802b3f1774ba1c55ef94faa427
SHA256 e4a463c21c0705bc2254676b93cfb3b953341386f8f7ae7f0e9c94aa95609734
CRC32 7EE77778
ssdeep 49152:WCjuL2rFNy8oD7lPcRjqsOLaAh9gocAc9XTFzcWrOclS8SWvtWqGj:WCjuLsNy2OLj/Lc1TFzcsll+
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address 172.217.25.14
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
extract_unicode_string_objattr+0x19a path_get_full_pathA-0xad @ 0x720bd155
path_get_full_path_objattr+0x27 reg_get_key-0x3e8 @ 0x720bd8c0
New_ntdll_NtCreateFile@44+0x16f New_ntdll_NtCreateKey@28-0xd9 @ 0x720cdc35
CreateFileW+0x35e CreateFileA-0x13d kernelbase+0x1b634 @ 0x76a8b634
CreateFileW+0x4a GetFullPathNameW-0x12e kernel32+0x13fa6 @ 0x75733fa6
CreateFileA+0x36 GetFileAttributesA-0x18 kernel32+0x153fc @ 0x757353fc
GetHookAPIs-0x35fb7 acgenral+0x22d62 @ 0x729b2d62
9+0x8b7f @ 0x408b7f
9+0x3f9a @ 0x403f9a
9+0x3eca @ 0x403eca
9+0x22a1 @ 0x4022a1
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 40 0c 89 42 1c 2b c0 c3 66 8b 04 24 66 3d 7f
exception.symbol: _setjmp3+0x44 _CIsqrt-0x8d msvcrt+0xee33
exception.instruction: mov eax, dword ptr [eax + 0xc]
exception.module: msvcrt.dll
exception.exception_code: 0xc0000005
exception.offset: 60979
exception.address: 0x764fee33
registers.esp: 1624600
registers.edi: 134217728
registers.eax: 3
registers.ebp: 1624644
registers.edx: 5046288
registers.ebx: 0
registers.esi: 2000421028
registers.ecx: 0
status: 1
return: 0
repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 6240
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74441000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001ab4c size 0x00000162
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001b014 size 0x000000fe
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001f658 size 0x0000003e
name RT_MANIFEST language LANG_CHINESE filetype XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0001f69c size 0x00000213
section UPX1 (virtual_address 0x00014000, virtual_size 0x0000a000, size_of_data 0x00009800, entropy 7.8843146453123385) description A section with a high entropy has been found
entropy 0.844444444444 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
host 172.217.25.14
MicroWorld-eScan Gen:Variant.Johnnie.262101
McAfee Artemis!358B9C802B3F
K7AntiVirus Riskware ( 0040eff71 )
K7GW Riskware ( 0040eff71 )
Cybereason malicious.02b3f1
APEX Malicious
Paloalto generic.ml
BitDefender Gen:Variant.Johnnie.262101
McAfee-GW-Edition BehavesLike.Win32.BadFile.vc
FireEye Gen:Variant.Johnnie.262101
Emsisoft Gen:Variant.Johnnie.262101 (B)
Ikarus HackTool.Win32.VB
GData Gen:Variant.Bulz.488902
Jiangmin Trojan.Pasta.dsg
MAX malware (ai score=86)
Gridinsoft Risk.Win32.RemoteAdmin.vb!s2
Microsoft Trojan:Win32/Zpevdo.B
VBA32 suspected of Malware.VB.39
ALYac Gen:Variant.Bulz.488902
Malwarebytes Malware.AI.4264022839
SentinelOne Static AI - Suspicious SFX
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Avast Win32:Malware-gen