Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 28, 2021, 2:05 p.m.	July 28, 2021, 2:07 p.m.

Size	1.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`374fb48a959a96ce92ae0e4346763293`
SHA256	`f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa`
CRC32	`959A1EA1`
ssdeep	`24576:1oJBu2XV04jnHW8VwBYcOa3sM6zlYzLhQ0zJ68VQWWRWqMZ:Su4jHmScOcsvWkq3Z`
Yara	IsPE32 - (no description) Win32_PWS_Loki_Zero - Win32 PWS Loki OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 28, 2021, 2:05 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 28, 2021, 2:05 p.m.		1	1	0

section	.00cfg
section	.gfids

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 28, 2021, 2:05 p.m.	process_identifier: 2004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e02000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory July 28, 2021, 2:05 p.m.	process_identifier: 2004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73aa3000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0004ba00', u'virtual_address': u'0x000bc000', u'entropy': 7.823500489606461, u'name': u'.rsrc', u'virtual_size': u'0x0004b8e0'}

entropy

7.82350048961

description

A section with a high entropy has been found

entropy

0.287001897533

description

Overall entropy of this PE file is high

registry

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

copp.exe