Summary | ZeroBOX

chim.exe

Tags: Generic Malware, Malicious Library, PE64, PE File

Category: FILE
Machine: s1_win7_x6401
Started: July 30, 2021, 10:56 a.m.
Completed: July 30, 2021, 11:14 a.m.
Size 628.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 b71262d7af92b5dcff86aa485d58c1cb
SHA256 74c21015bd84743d97f01152a00e46839d712e2540c4030aa941f501f36f9dab
CRC32 7CEB39B2
ssdeep 12288:6erWFtf9O4BkeYnoXALQ710aOG6L3z/AjuAxbEtB9K0Jt3S1RYdRuaKGR6:6EWxBkLnowcGaOx3TAjlgzZMY/uaKR
Yara
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Domains (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP Address       Status   Action
164.124.101.2    Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 1016
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 81920
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000027810000
  process_handle: 0xffffffffffffffff (the -1 pseudo-handle, i.e. the sample's own process)
  Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1016
  region_size: 655360
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000027b80000
  allocation_type: 8192 (MEM_RESERVE)
  process_handle: 0xffffffffffffffff (own process)
  Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1016
  region_size: 8192
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000027ba0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffffffffffff (own process)
  Status: 1  Return: 0  Repeated: 0

All three calls make memory in the sample's own process writable and executable at once: an existing 80 KB region at 0x27810000 is changed to RWX, a 640 KB RWX range is reserved at 0x27b80000, and an 8 KB RWX page pair is committed at 0x27ba0000, which lies inside that reservation (0x27b80000 to 0x27c20000). This is the pattern of an in-memory unpacker or loader staging code it is about to run.
Static signatures

section UPX1 (virtual_address 0x00151000, virtual_size 0x0009d000, size_of_data 0x0009cc00, entropy 7.9158): A section with a high entropy has been found
entropy 0.9992: Overall entropy of this PE file is high. This second figure is not an entropy in bits: it is the share of section data held by high-entropy sections, here 642,048 of 642,560 section bytes (0.999203), so practically the whole image sits inside the packed UPX1 section.
section UPX0: Section name indicates UPX
section UPX1: Section name indicates UPX
section UPX2: Section name indicates UPX
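The three packer marks above can be reproduced from a section table alone. The following is an added example, not ZeroBOX's or Cuckoo's own signature code: it computes per-section Shannon entropy, flags sections above the 6.8 bits/byte threshold and UPX-style names, and derives the "overall entropy" ratio the report prints. The section bytes are constructed stand-ins (we do not have the sample's raw sections); only the UPX1 size and the 0.999203 ratio are taken from the report.

```python
import math
from collections import Counter

# Thresholds of the Cuckoo packer_entropy signature, whose wording the marks
# above reproduce: a section counts as high entropy above 6.8 bits/byte, and
# the file is flagged when such sections hold more than 20% of section data.
SECTION_ENTROPY_THRESHOLD = 6.8
HIGH_ENTROPY_SHARE_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_signatures(sections):
    """Evaluate the three packer marks over [{"name": str, "data": bytes}, ...].

    Returns per-section entropies, the sections that trip each rule, and the
    share of section bytes that live in high-entropy sections (the number the
    report prints as "entropy 0.9992").
    """
    result = {
        "entropy": {},
        "high_entropy_sections": [],
        "upx_named_sections": [],
        "high_entropy_share": 0.0,
        "overall_high_entropy": False,
    }
    total_bytes = high_bytes = 0
    for sec in sections:
        name = sec["name"].rstrip("\x00")   # PE section names are NUL-padded
        size = len(sec["data"])
        ent = shannon_entropy(sec["data"])
        result["entropy"][name] = round(ent, 4)
        total_bytes += size
        if ent > SECTION_ENTROPY_THRESHOLD:
            result["high_entropy_sections"].append(name)
            high_bytes += size
        if name.upper().startswith("UPX"):
            result["upx_named_sections"].append(name)
    if total_bytes:
        result["high_entropy_share"] = high_bytes / total_bytes
        result["overall_high_entropy"] = (
            result["high_entropy_share"] > HIGH_ENTROPY_SHARE_THRESHOLD
        )
    return result


def constructed_sections():
    """Constructed stand-in for a UPX-packed section table (not chim.exe's bytes).

    UPX0 has no raw data, UPX1 carries the packed image (a uniform byte
    distribution, so exactly 8.0 bits/byte rather than the real 7.9158) and is
    sized to the report's 0x9cc00 bytes, and UPX2 is a small, mostly-zero
    unpacker/import stub.
    """
    packed = bytes(range(256)) * 2508                        # 642048 = 0x9cc00 bytes
    stub = b"\x00" * 496 + b"KERNEL32.DLL" + b"\x00" * 4     # 512 bytes
    return [
        {"name": "UPX0\x00\x00\x00\x00", "data": b""},
        {"name": "UPX1\x00\x00\x00\x00", "data": packed},
        {"name": "UPX2\x00\x00\x00\x00", "data": stub},
    ]


if __name__ == "__main__":
    for key, value in packer_signatures(constructed_sections()).items():
        print(f"{key}: {value}")
```

With a real file, feed each section's raw bytes (SizeOfRawData bytes at PointerToRawData) into `packer_signatures`; UPX0 typically has a large virtual size but no raw data, which is why it contributes nothing to the ratio.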
API calls (Time & API / Arguments / Status / Return / Repeated)

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007feff017a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000771c0000
  Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)  Repeated: 0

wine_get_version is exported by Wine's ntdll but not by Microsoft's, so resolving it is a standard Wine/emulator check: the lookup failing with STATUS_ENTRYPOINT_NOT_FOUND tells the sample it is running on real Windows (here, the sandbox VM), while a successful lookup would reveal Wine.
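The two API tables above (the RWX memory calls and the wine_get_version lookup) are the kind of trace a detection rule runs over. The following is an added example, not ZeroBOX's own signature code: it walks records in the report's shape, flags writable-and-executable memory in the sample's own process (including a commit that lands inside an earlier RWX reservation), and recognises the Wine probe, decoding the signed NTSTATUS the sandbox printed. The `TRACE` list is constructed input transcribed from the report; the record layout and the rule names are this example's own.

```python
# Windows memory-API constants as the report decodes them: protection 64 is
# PAGE_EXECUTE_READWRITE, allocation_type 8192 is MEM_RESERVE and 4096 is
# MEM_COMMIT. PAGE_EXECUTE_WRITECOPY is included so the W+X test is general.
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WRITE_EXEC_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
NT_CURRENT_PROCESS = 0xFFFFFFFFFFFFFFFF   # the -1 pseudo-handle on x64
# Only the NTSTATUS value that appears in the report is decoded here.
NTSTATUS_NAMES = {0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND"}
# Exports present in Wine's ntdll but absent from Microsoft's; the report
# shows one probe, further Wine-only names would be added here.
WINE_ONLY_EXPORTS = {"wine_get_version"}


def ntstatus(ret: int) -> int:
    """Sandbox logs print NTSTATUS as a signed 32-bit int; recover the raw code."""
    return ret & 0xFFFFFFFF


def nt_success(ret: int) -> bool:
    """NT_SUCCESS: severity bits 00/01, i.e. a code below 0x80000000."""
    return ntstatus(ret) < 0x80000000


def analyze_trace(trace):
    """Walk API records shaped like the report ({"api", "args", "return"}) and
    emit findings for W+X memory in the sample's own process and for Wine
    detection probes. Returns a list of dicts, one per finding, in call order."""
    findings = []
    wx_reserved = []   # (base, end) of W+X reservations, to tie commits to them
    for call in trace:
        api, a, ret = call["api"], call["args"], call["return"]
        own_process = a.get("process_handle") == NT_CURRENT_PROCESS
        wx = bool(a.get("protection", 0) & WRITE_EXEC_MASK)
        if api == "NtAllocateVirtualMemory" and wx and nt_success(ret):
            base = a["base_address"]
            end = base + a["region_size"]
            if a["allocation_type"] & MEM_RESERVE:
                wx_reserved.append((base, end))
                findings.append({"rule": "wx_reserve", "base": base, "self": own_process})
            if a["allocation_type"] & MEM_COMMIT:
                inside = any(lo <= base < hi for lo, hi in wx_reserved)
                findings.append({"rule": "wx_commit", "base": base, "self": own_process,
                                 "in_wx_reservation": inside})
        elif api == "NtProtectVirtualMemory" and wx and nt_success(ret):
            findings.append({"rule": "wx_protect", "base": a["base_address"],
                             "length": a["length"], "self": own_process})
        elif api == "LdrGetProcedureAddress" and a.get("function_name") in WINE_ONLY_EXPORTS:
            code = ntstatus(ret)
            findings.append({"rule": "wine_probe", "export": a["function_name"],
                             "resolved": nt_success(ret),
                             "status": NTSTATUS_NAMES.get(code, hex(code))})
    return findings


# The four records from this report, transcribed into the record shape above
# (constructed input for the example; the argument values are the report's).
TRACE = [
    {"api": "NtProtectVirtualMemory",
     "args": {"process_handle": NT_CURRENT_PROCESS, "base_address": 0x27810000,
              "length": 81920, "protection": 64}, "return": 0},
    {"api": "NtAllocateVirtualMemory",
     "args": {"process_handle": NT_CURRENT_PROCESS, "base_address": 0x27B80000,
              "region_size": 655360, "protection": 64, "allocation_type": 8192},
     "return": 0},
    {"api": "NtAllocateVirtualMemory",
     "args": {"process_handle": NT_CURRENT_PROCESS, "base_address": 0x27BA0000,
              "region_size": 8192, "protection": 64, "allocation_type": 4096},
     "return": 0},
    {"api": "LdrGetProcedureAddress",
     "args": {"module": "ntdll", "function_name": "wine_get_version", "ordinal": 0},
     "return": -1073741511},
]

if __name__ == "__main__":
    for finding in analyze_trace(TRACE):
        print(finding)
```

The `in_wx_reservation` flag is what turns three unrelated-looking calls into one story: the 8 KB RWX commit at 0x27ba0000 sits inside the 640 KB RWX reservation made just before it, which is how an unpacker grows its output region page by page.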
Antivirus results (Engine / Detection)

MicroWorld-eScan       Gen:Variant.Bulz.232094
FireEye                Generic.mg.b71262d7af92b5dc
McAfee                 Artemis!B71262D7AF92
Sangfor                Riskware.Win32.Agent.ky
Cybereason             malicious.7af92b
Symantec               Trojan.Gen.MBT
ESET-NOD32             a variant of Generik.GQYHWQJ
TrendMicro-HouseCall   TROJ_GEN.R002H09GT21
Paloalto               generic.ml
Kaspersky              Trojan.Win64.Donut.adm
BitDefender            Gen:Variant.Bulz.232094
Avast                  Win64:Malware-gen
Ad-Aware               Gen:Variant.Bulz.232094
McAfee-GW-Edition      BehavesLike.Win64.Trickbot.jc
Emsisoft               Gen:Variant.Bulz.232094 (B)
APEX                   Malicious
MAX                    malware (ai score=81)
Antiy-AVL              Trojan/Generic.ASBOL.C5E3
Microsoft              Trojan:Win32/Wacatac.B!ml
GData                  Gen:Variant.Bulz.232094
Cynet                  Malicious (score: 100)
ALYac                  Gen:Variant.Bulz.232094
Ikarus                 Win32.Outbreak
Fortinet               PossibleThreat.PALLAS.H
Webroot                W32.Trojan.Gen
AVG                    Win64:Malware-gen
Panda                  Trj/CI.A
CrowdStrike            win/malicious_confidence_60% (W)
Qihoo-360              Win64/Trojan.Generic.H8oA6RsA