Summary | ZeroBOX

Bo7TjX1L2.php

Tags: Emotet, UPX, OS Processor Check, PE File, PE32
Category FILE
Machine s1_win7_x6402
Started July 1, 2021, 1:31 p.m.
Completed July 1, 2021, 1:33 p.m.
Size 345.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2680d519097273ace671daf7ac0f9e8d
SHA256 c5b39009be422e89c793241831efd12c6827de20a56b71783d4fd80db9409910
CRC32 1DEDC566
ssdeep 6144:E19kSaAr3eU3UeDwtNz3Fe8fOV3rK+XLIsq6qUnHgs:69dDb5CVe8WV3rKQqQN
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
160.20.147.250 Active Moloch
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .text3
section .text2
suspicious_features Connection to IP address
suspicious_request GET http://160.20.147.250/j.ad
request GET http://160.20.147.250/j.ad
section name .text, virtual_address 0x00001000, virtual_size 0x0004c73f, size_of_data 0x0004c800, entropy 7.184335391205139
entropy 0.9 description Overall entropy of this PE file is high
host 160.20.147.250
host 172.217.25.14
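The packer indicators above (a .text section of 0x4c800 bytes at 7.18 bits/byte, an overall high-entropy verdict, and the non-standard .text2/.text3 section names alongside the UPX Yara hit) are all derivable from the PE section table. The script below is an added example, not ZeroBOX's own code and not part of this report: it parses the section table with the Python standard library only, computes per-section Shannon entropy, and reproduces the same three checks. The 6.8 bits/byte section threshold and the 0.2 overall ratio are assumptions chosen for this example; the sandbox's own cut-offs are not stated on the page, and reading the report's "entropy 0.9" as the share of section bytes that live in high-entropy sections is likewise an assumption. The embedded test image is constructed for offline use, with section names copied from the sample's .text/.text2/.text3 pattern; it is not the analysed file.

```python
import math
import struct
import sys
from collections import Counter

# Thresholds are assumptions for this example, not ZeroBOX's documented cut-offs.
SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte; compressed/encrypted data sits near 8.0
OVERALL_RATIO_THRESHOLD = 0.2     # share of section bytes living in high-entropy sections
STANDARD_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata",
    ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".debug",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes) -> list:
    """Walk the PE section table (PE32 or PE32+) and return one dict per section,
    using the same field names the sandbox report shows."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER starts: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData (40 bytes per entry in total)
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": va,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "entropy": shannon_entropy(raw),
        })
    return sections


def packer_triage(image: bytes) -> dict:
    """Re-create the packer checks seen in the report: high-entropy sections,
    the overall entropy ratio, and section names a linker would not normally emit."""
    sections = pe_sections(image)
    findings = []
    total = sum(s["size_of_data"] for s in sections)
    high = 0
    for s in sections:
        if s["entropy"] > SECTION_ENTROPY_THRESHOLD:
            high += s["size_of_data"]
            findings.append(f"high-entropy section {s['name']} ({s['entropy']:.2f} bits/byte)")
        if s["name"].startswith("UPX"):
            findings.append(f"UPX section name {s['name']}")
        elif s["name"] not in STANDARD_SECTION_NAMES:
            findings.append(f"non-standard section name {s['name']}")
    ratio = high / total if total else 0.0
    if ratio > OVERALL_RATIO_THRESHOLD:
        findings.append(f"overall entropy of this PE file is high ({ratio:.2f} of section data)")
    return {"sections": sections, "high_entropy_ratio": ratio, "findings": findings}


def build_test_image() -> bytes:
    """Constructed minimal PE32 image for offline testing (not the analysed sample).
    Section names copy the sample's .text/.text2/.text3 pattern; contents are chosen
    to give exactly 8.0, 0.0 and 2.0 bits/byte of entropy."""
    payloads = [
        (b".text", bytes(range(256)) * 16),  # every byte value equally often -> 8.0
        (b".text2", b"\x00" * 2048),         # a single symbol -> 0.0
        (b".text3", b"ABCD" * 256),          # four symbols equally often -> 2.0
    ]
    e_lfanew, opt_size, raw_ptr, va = 0x40, 0xE0, 0x200, 0x1000
    headers, data = bytearray(), bytearray()
    for name, payload in payloads:
        headers += struct.pack("<8sIIIIIIHHI", name, len(payload), va, len(payload),
                               raw_ptr, 0, 0, 0, 0, 0x60000020)  # CODE | EXECUTE | READ
        data += payload
        raw_ptr += len(payload)
        va += (len(payload) + 0xFFF) & ~0xFFF
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(payloads), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(headers)
    return image + b"\0" * (0x200 - len(image)) + bytes(data)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_image()
    result = packer_triage(blob)
    for s in result["sections"]:
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} "
              f"raw=0x{s['size_of_data']:08x} entropy={s['entropy']:.3f}")
    for f in result["findings"]:
        print("finding:", f)
```

Run it with a file path to triage a real binary, or with no arguments to run against the constructed image. Entropy alone does not prove packing (large resources, embedded certificates or compressed media also score near 8.0), which is why the section-name check and the UPX Yara rule are worth reading together with the entropy figures rather than in isolation.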
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.2680d519097273ac
McAfee Artemis!2680D5190972
Sangfor Trojan.Win32.Save.a
Cybereason malicious.3ce61d
BitDefenderTheta Gen:NN.ZexaF.34770.vy1@a0V5VFai
Symantec Packed.Generic.459
APEX Malicious
Paloalto generic.ml
Rising Malware.Heuristic!ET#88% (RDMK:cmRtazqgUy3kWx5iIiSdf1Mwc6l/)
McAfee-GW-Edition Artemis!Trojan
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Antiy-AVL Trojan/Generic.ASCommon.1BE
Microsoft Exploit:Win32/CVE-1999-0016.MR!MTB
Cynet Malicious (score: 100)
Acronis suspicious
Ikarus Trojan.Win32.Crypt
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 HEUR/QVM19.1.47DB.Malware.Gen