Summary | ZeroBOX

tabhost.exe

Malicious Library UPX OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 1, 2021, 9:14 a.m.
Completed Aug. 1, 2021, 9:18 a.m.
Size 1.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2b2019bf18467e9150aeda07acbdd1e8
SHA256 aaaab76abff4dc4dec34b967a7f3f03cf937d1d47f806bf193f9cb80d35e77e6
CRC32 9BE96DED
ssdeep 24576:VJw2kSyqsNiGVnH0QQpzwUFyJoD2fxb3WD2jc:QS5sIGJ0QPnfxbG4c
PDB Path C:\yode.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

DNS: Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\yode.pdb
API calls: Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 2444
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 962560
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x033d0000
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2444
  region_size: 1048576
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x04c10000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0
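The two calls above show process 2444, operating on itself (process_handle 0xffffffff is the current-process pseudo-handle), first turning a 962,560-byte region at 0x033d0000 into PAGE_EXECUTE_READWRITE with the sandbox's heap_dep_bypass flag set, then committing a fresh 1 MB PAGE_EXECUTE_READWRITE region at 0x04c10000. Writable-and-executable memory of that size in a binary tagged UPX with a near-maximum-entropy .data section is consistent with an in-memory unpacking stage. The Python below is an added example, not ZeroBOX code: it decodes protection values the way the report does and applies a triage rule to call records constructed from the values shown above plus one constructed benign record. The 64 KB "large region" threshold and the additive score are assumptions.

```python
"""Triage of NtAllocateVirtualMemory / NtProtectVirtualMemory records for W+X memory.
Added example for this report; not ZeroBOX code. The CALLS records are constructed
from the values shown on the page plus one benign control record."""

# Page-protection and allocation constants from winnt.h
PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY = 0x01, 0x02, 0x04, 0x08
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
PAGE_GUARD, PAGE_NOCACHE, PAGE_WRITECOMBINE = 0x100, 0x200, 0x400
MEM_COMMIT, MEM_RESERVE = 0x1000, 0x2000
NT_CURRENT_PROCESS = 0xFFFFFFFF  # pseudo-handle -1 as logged on 32-bit Windows

_BASE_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}
_MODIFIER_NAMES = {PAGE_GUARD: "PAGE_GUARD", PAGE_NOCACHE: "PAGE_NOCACHE",
                   PAGE_WRITECOMBINE: "PAGE_WRITECOMBINE"}


def decode_protection(value: int) -> str:
    """Render a protection value the way the sandbox does, e.g. 64 -> PAGE_EXECUTE_READWRITE."""
    base = value & 0xFF
    parts = [_BASE_NAMES.get(base, hex(base))]
    parts += [name for bit, name in _MODIFIER_NAMES.items() if value & bit]
    return "|".join(parts)


def is_writable_executable(value: int) -> bool:
    """True for the two protections that allow writing to and then executing the same page."""
    return (value & 0xFF) in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


def triage_memory_calls(calls, large_region=64 * 1024):
    """Return one finding per W+X memory operation with the reasons it is suspicious.
    `large_region` is an assumed threshold: regions this big can hold an unpacked image."""
    findings = []
    for c in calls:
        if not is_writable_executable(c["protection"]):
            continue
        size = c.get("length", c.get("region_size", 0))
        reasons = [f"{c['api']} requested {decode_protection(c['protection'])}"]
        if c.get("process_handle") == NT_CURRENT_PROCESS:
            reasons.append("target is the calling process itself")
        if size >= large_region:
            reasons.append(f"region of {size} bytes is large enough to hold an unpacked image")
        if c.get("heap_dep_bypass"):
            reasons.append("existing heap memory was made executable (DEP bypass)")
        if c.get("allocation_type", 0) & MEM_COMMIT:
            reasons.append("fresh memory committed as executable rather than reprotected later")
        findings.append({"api": c["api"], "base_address": c["base_address"], "size": size,
                         "protection": decode_protection(c["protection"]),
                         "reasons": reasons, "score": len(reasons)})
    return findings


# Constructed records mirroring the two calls logged on this page, plus a benign control
CALLS = [
    {"api": "NtProtectVirtualMemory", "process_identifier": 2444,
     "process_handle": NT_CURRENT_PROCESS, "base_address": 0x033D0000,
     "length": 962560, "protection": 64, "heap_dep_bypass": 1},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2444,
     "process_handle": NT_CURRENT_PROCESS, "base_address": 0x04C10000,
     "region_size": 1048576, "protection": 64, "allocation_type": MEM_COMMIT},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2444,  # control (constructed)
     "process_handle": NT_CURRENT_PROCESS, "base_address": 0x00200000,
     "region_size": 4096, "protection": PAGE_READWRITE, "allocation_type": MEM_COMMIT},
]

if __name__ == "__main__":
    for f in triage_memory_calls(CALLS):
        print(f"{f['api']} @ {f['base_address']:#010x} size={f['size']} "
              f"{f['protection']} score={f['score']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the three records, both page-derived calls are reported with a score of 4 and the 4 KB PAGE_READWRITE commit is ignored; in a real pipeline the same rule would be fed every NtProtectVirtualMemory and NtAllocateVirtualMemory row of the behaviour log, and a hit on a region this large is a good place to dump memory for the unpacked payload.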
section .data: virtual_address 0x0002e000, virtual_size 0x02ee29bc, size_of_data 0x000ebc00, entropy 7.9963 (bits per byte, out of a maximum of 8.0) description A section with a high entropy has been found
entropy 0.7761 description Overall entropy of this PE file is high (this figure is the Cuckoo-style ratio of high-entropy section data to total PE data, a value between 0 and 1, not bits per byte)
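The .data section above carries 0x000ebc00 (965,632) bytes of raw data at 7.996 bits per byte, almost the 8.0 maximum, while its virtual_size of 0x02ee29bc maps roughly 49 MB in memory, about fifty times its on-disk size. Both are what a packed section looks like: compressed payload on disk and room to decompress into at runtime. The Python below is an added example, not ZeroBOX code: it computes Shannon entropy per section from a hand-parsed PE section table and flags sections on both criteria. The 7.0-bit threshold and the 4x growth ratio are assumptions, and the image it analyses is a constructed minimal PE built by build_test_pe, not the sample on this page.

```python
"""Section-entropy check of the kind behind the "high entropy section" signature above.
Added example for this report, not ZeroBOX code. It parses the PE section table by hand
(no pefile dependency) and runs on a constructed PE image, not on the sample itself."""
import math
import struct

PE32_MAGIC = 0x10B
HIGH_ENTROPY_BITS = 7.0   # assumed threshold in bits per byte; the page's .data scored 7.996
VIRTUAL_GROWTH = 4        # assumed ratio virtual_size / size_of_data worth flagging


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return max(0.0, -sum((c / n) * math.log2(c / n) for c in counts if c))


def parse_sections(pe: bytes):
    """Walk the COFF section table and score each section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                 # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def high_entropy_sections(sections, threshold=HIGH_ENTROPY_BITS):
    """Sections whose raw bytes look compressed or encrypted."""
    return [s for s in sections if s["entropy"] >= threshold]


def inflated_sections(sections, factor=VIRTUAL_GROWTH):
    """Sections mapped far larger in memory than on disk: room for a stub to unpack into."""
    return [s for s in sections
            if s["size_of_data"] and s["virtual_size"] >= factor * s["size_of_data"]]


def build_test_pe(sections):
    """Constructed minimal PE32 image for testing; `sections` is [(name, raw, virtual_size)]."""
    opt_size, file_align, vaddr = 0xE0, 0x200, 0x1000
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = -(-headers_len // file_align) * file_align   # first file-aligned offset
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    table, body = b"", b""
    for name, raw, vsize in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(padded), raw_base + len(body), 0, 0, 0, 0, 0xC0000040)
        body += padded
        vaddr += -(-vsize // 0x1000) * 0x1000
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return image + b"\0" * (raw_base - len(image)) + body


if __name__ == "__main__":
    # Constructed image: a flat .text section and a .data section of uniformly distributed
    # bytes that, like the .data on this page, is mapped ~50x larger in memory than on disk.
    img = build_test_pe([(b".text", b"\0" * 512, 0x200),
                         (b".data", bytes(range(256)) * 4, 0x02EE29BC)])
    secs = parse_sections(img)
    for s in secs:
        print(f"{s['name']:8} entropy={s['entropy']:.3f} "
              f"raw={s['size_of_data']:#x} virt={s['virtual_size']:#x}")
    print("high entropy:", [s["name"] for s in high_entropy_sections(secs)])
    print("inflated:", [s["name"] for s in inflated_sections(secs)])
```

Against a real sample, replace build_test_pe with `open(path, "rb").read()`; a section that both scores near 8.0 and is mapped many times larger than its raw data is the one to watch in a debugger or memory dump, since the unpacking stub writes the decompressed image there before transferring control.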
Antivirus Vendor Detection
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.2b2019bf18467e91
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.87cc3d
BitDefenderTheta Gen:NN.ZexaF.34050.mzW@ayeZwAbG
Symantec ML.Attribute.HighConfidence
Kaspersky UDS:Trojan.Win32.Chapak.gen
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Sophos ML/PE-A
APEX Malicious
eGambit Unsafe.AI_Score_90%
Microsoft Trojan:Win32/Sabsik.FL.A!ml
Cynet Malicious (score: 100)
Acronis suspicious
Ikarus Trojan.Win32.Glupteba
Rising Trojan.Kryptik!1.C6FC (CLASSIC)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
CrowdStrike win/malicious_confidence_80% (D)
Qihoo-360 HEUR/QVM10.1.F63B.Malware.Gen