Summary | ZeroBOX

app.exe

PE32 PE File

Category: FILE
Machine: s1_win7_x6401
Started: July 4, 2021, 6:16 p.m.
Completed: July 4, 2021, 6:21 p.m.
Size: 4.4MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 89e0a36b57563ebf002eda8fd2678374
SHA256: 7471e982051110160ecb8d1a95aa8ba5d8f3d61d341706232caf57c1b8b3ac88
CRC32: DD7C14DA
ssdeep: 98304:ez81pTgjH1QXkfW3LAlYvE78tqeeniZxBh:ez+pTgjH1CkfW3sMqeenivX
PDB Path: C:\nafuzuvani\volirej.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address: 164.124.101.2
Status: Active
Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\nafuzuvani\volirej.pdb
resource name: AFX_DIALOG_LAYOUT
resource name: DAXEGAJOBAREHOKEZOPUKE
resource name: NEVOM
API Calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory

process_identifier: 2388
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4440064
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01010000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 2388
region_size: 9592832
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01450000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
Resources

name                    language      sublanguage      filetype                                                    offset      size
DAXEGAJOBAREHOKEZOPUKE  LANG_SERBIAN  SUBLANG_DEFAULT  ASCII text, with very long lines, with no line terminators  0x006069f0  0x00000685
NEVOM                   LANG_SERBIAN  SUBLANG_DEFAULT  ASCII text, with very long lines, with no line terminators  0x00607078  0x000008bd
RT_ICON                 LANG_SERBIAN  SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST                                        0x00606548  0x00000468
RT_ICON                 LANG_SERBIAN  SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST                                        0x00606548  0x00000468
RT_ICON                 LANG_SERBIAN  SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST                                        0x00606548  0x00000468
RT_ICON                 LANG_SERBIAN  SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST                                        0x00606548  0x00000468
RT_STRING               LANG_SERBIAN  SUBLANG_DEFAULT  data                                                        0x00607b68  0x00000240
RT_ACCELERATOR          LANG_SERBIAN  SUBLANG_DEFAULT  data                                                        0x00607960  0x00000010
RT_ACCELERATOR          LANG_SERBIAN  SUBLANG_DEFAULT  data                                                        0x00607960  0x00000010
RT_GROUP_ICON           LANG_SERBIAN  SUBLANG_DEFAULT  data                                                        0x006069b0  0x0000003e
section: .text
size_of_data: 0x0044b800
virtual_address: 0x00001000
virtual_size: 0x0044b766
entropy: 7.99894241189313
description: A section with a high entropy has been found

entropy: 0.978855998219
description: Overall entropy of this PE file is high
Antivirus     Result
Elastic       malicious (high confidence)
FireEye       Generic.mg.89e0a36b57563ebf
Cylance       Unsafe
Sangfor       Trojan.Win32.Save.a
Symantec      ML.Attribute.HighConfidence
APEX          Malicious
Paloalto      generic.ml
BitDefender   Gen:Variant.Cerbu.106352
Ad-Aware      Gen:Variant.Cerbu.106352
Emsisoft      Gen:Variant.Cerbu.106352 (B)
Avira         TR/Crypt.ZPACK.Gen
Gridinsoft    Trojan.Gen.dd!c
Microsoft     Trojan:Win32/Wacatac.B!ml
GData         Gen:Variant.Cerbu.106352
Cynet         Malicious (score: 100)
VBA32         Malware-Cryptor.InstallCore.6
Malwarebytes  Trojan.MalPack.GS
SentinelOne   Static AI - Malicious PE
Fortinet      W32/GenKryptik.ERHN!tr