popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

bbrpg.exe

PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 2, 2021, 9:09 a.m. Aug. 2, 2021, 9:13 a.m.
Size 4.6MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 207450ff08453cc47b40df231032d4d0
SHA256 5638a743d42c3622f1826cb1120aa4e22a40d1e853472620071cba8a1388409b
CRC32 EB9B18CA
ssdeep 98304:zzlsF6obmLepm99gQS8kzdO1foaQr/lfO3wRXzv7+ey2dDkkCkM1pue8:zzlsF6Sc9BkzdIgailW3kDTpHdD8kM
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a004f0 size 0x00000134
name RT_ICON language LANG_KOREAN filetype dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4194303999, next used block 4160749567 sublanguage SUBLANG_KOREAN offset 0x00a3a868 size 0x00004228
name RT_ICON language LANG_KOREAN filetype dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4194303999, next used block 4160749567 sublanguage SUBLANG_KOREAN offset 0x00a3a868 size 0x00004228
name RT_DIALOG language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00820 size 0x0000009a
name RT_DIALOG language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00820 size 0x0000009a
name RT_DIALOG language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00820 size 0x0000009a
name RT_DIALOG language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00820 size 0x0000009a
name RT_ACCELERATOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x009ffac0 size 0x00000008
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_CURSOR language LANG_KOREAN filetype empty sublanguage SUBLANG_KOREAN offset 0x00a00628 size 0x00000014
name RT_GROUP_ICON language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x00a3eaa4 size 0x00000014
name RT_GROUP_ICON language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x00a3eaa4 size 0x00000014
name RT_VERSION language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x00a3eab8 size 0x00000248
section {u'size_of_data': u'0x00206400', u'virtual_address': u'0x00001000', u'entropy': 7.9999229786862, u'name': u'', u'virtual_size': u'0x00727000'} entropy 7.99992297869 description A section with a high entropy has been found
section {u'size_of_data': u'0x00023600', u'virtual_address': u'0x00728000', u'entropy': 7.998028992182421, u'name': u'', u'virtual_size': u'0x00090000'} entropy 7.99802899218 description A section with a high entropy has been found
section {u'size_of_data': u'0x0000c600', u'virtual_address': u'0x007b8000', u'entropy': 7.994059729334034, u'name': u'', u'virtual_size': u'0x00241000'} entropy 7.99405972933 description A section with a high entropy has been found
section {u'size_of_data': u'0x0002f600', u'virtual_address': u'0x00a3f000', u'entropy': 7.998051124742721, u'name': u'', u'virtual_size': u'0x00716000'} entropy 7.99805112474 description A section with a high entropy has been found
section {u'size_of_data': u'0x00232a00', u'virtual_address': u'0x01155000', u'entropy': 7.982320790455126, u'name': u'.data', u'virtual_size': u'0x00233000'} entropy 7.98232079046 description A section with a high entropy has been found
entropy 0.99534490055 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.207450ff08453cc4
Cylance Unsafe
ESET-NOD32 a variant of Win32/Packed.Enigma.CO
APEX Malicious
Kaspersky HEUR:HackTool.Win64.Htran.gen
Avast Win32:MalwareX-gen [Trj]
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win32.Ymacco
Kingsoft Win32.Heur.KVMH015.a.(kcloud)
Gridinsoft Malware.Win32.Gen.bot!se39933
ZoneAlarm HEUR:HackTool.Win64.Htran.gen
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Gen.Reputation.C4298596
VBA32 BScope.Trojan.Tasker
Malwarebytes Malware.Heuristic.1003
Zoner Probably Heur.ExeHeaderH
AVG Win32:MalwareX-gen [Trj]
Qihoo-360 Win32/HackTool.HTran.HgIASZQA