Summary | ZeroBOX

NolkaQibon.exe

VMProtect PE32 PE File
Category FILE
Machine s1_win7_x6401
Started July 2, 2021, 9:21 a.m.
Completed July 2, 2021, 9:30 a.m.
Size 5.4MB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 bd4fefc85df91dd4a1ea0959f50ee11d
SHA256 393da31320be78156d5f1352460db20279dba0cc863e8494456f5badb78c652f
CRC32 0E4FBA85
ssdeep 98304:8CzIvx2vxRwD7P1KZdH7yzoRdXwyVRsaH+18IyfksDaZn1FUwIemqUPzsWwYHaK:Cvx26YdLRG+RFH+18I4kHFUwIe5Y4Wt6
Yara
  • IsPE32 - (no description)
  • VMProtect_Zero - VMProtect packed file
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
  (no arguments)
  Status 1
  Return 1
  Repeated 0
section .vmp0
section .vmp1
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 2216
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00350000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  Status 1
  Return 0
  Repeated 0
resource
  name RT_VERSION
  language LANG_CHINESE
  sublanguage SUBLANG_CHINESE_SIMPLIFIED
  filetype PGP symmetric key encrypted data - Plaintext or unencrypted data
  offset 0x008d90a0
  size 0x0000018c
section .vmp1 (virtual_address 0x0036b000, virtual_size 0x0056c580, size_of_data 0x0056c600, entropy 7.955575669282568) description A section with a high entropy has been found
entropy 0.999550035997 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.525797
CAT-QuickHeal Trojan.Gofot
ALYac Gen:Variant.Bulz.525797
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 7000001c1 )
Alibaba Trojan:Win32/Gofot.5e20b109
K7GW Trojan ( 7000001c1 )
Cybereason malicious.85df91
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan.Win32.Gofot.pdf
BitDefender Gen:Variant.Bulz.525797
Paloalto generic.ml
Tencent Win32.Trojan.Gofot.Pgwt
Ad-Aware Gen:Variant.Bulz.525797
Sophos Mal/VMProtBad-A
TrendMicro TROJ_GEN.R002C0RFM21
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc
FireEye Generic.mg.bd4fefc85df91dd4
Emsisoft Gen:Variant.Bulz.525797 (B)
Ikarus Trojan.Gofot
GData Gen:Variant.Bulz.525797
Jiangmin Trojan.Gofot.bcs
MAX malware (ai score=80)
Antiy-AVL Trojan/Generic.ASMalwS.33A2FBA
Kingsoft Win32.Troj.Gofot.p.(kcloud)
Arcabit Trojan.Bulz.D805E5
AegisLab Trojan.Win32.Gofot.4!c
ZoneAlarm Trojan.Win32.Gofot.pdf
Microsoft Trojan:Win32/Tnega!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4530249
McAfee Artemis!BD4FEFC85DF9
VBA32 TScope.Malware-Cryptor.SB
TrendMicro-HouseCall TROJ_GEN.R002C0RFM21
Rising Trojan.Generic@ML.93 (RDML:yrMZOERks7TheBQJiPusEw)
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/VMProtBad.A
BitDefenderTheta Gen:NN.ZexaF.34770.@F0@au1iJ9kj
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen