Summary | ZeroBOX

moe_map.exe

PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: June 25, 2021, 1:28 p.m.
Completed: June 25, 2021, 1:32 p.m.
Size 337.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 e0400147067de5edf218ab94927d71a9
SHA256 0deaacb280bc7ce33416186f4bd52a2379152b003faae185dcc55be78193d0db
CRC32 D8A0B9CC
ssdeep 6144:Z36qfxR9vZuA/b0dwBU4+3sWOUT1yVFDGaJx11pBL1GzmUpKx:ZhfxvxvHvyD1yH6aJx1FxKmUW
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name               Response        Post-Analysis Lookup
apa1.xiaomitq.com  47.242.162.42

IP Address     Status  Action
164.124.101.2  Active  Moloch
47.242.162.42  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2972
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x72c72000
  process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0
name RT_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001a7a4c size 0x00010828
name RT_MENU language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0019a7e0 size 0x00000016
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001a4938 size 0x000000b4
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001b8278 size 0x00000014
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001b8290 size 0x000001d8
name RT_MANIFEST language LANG_CHINESE filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001b846c size 0x00000276
file C:\Windows\start_game.exe
section .data: size_of_data 0x00042800, virtual_address 0x00164000, virtual_size 0x00043000, entropy 7.799968251779568 description A section with a high entropy has been found
entropy 0.790490341753 description Overall entropy of this PE file is high
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\moe_map.exe
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
McAfee Artemis!E0400147067D
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (W)
Symantec ML.Attribute.HighConfidence
Avast Win32:MalwareX-gen [Trj]
AegisLab Trojan.Win32.Generic.4!c
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
FireEye Generic.mg.e0400147067de5ed
Avira HEUR/AGEN.1116205
Microsoft Program:Win32/Wacapew.C!ml
Cynet Malicious (score: 99)
Malwarebytes Malware.AI.1605481870
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_81%
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.9449c5