Summary | ZeroBOX

damn.dll

Generic Malware UPX Malicious Packer Anti_VM .NET DLL PE File DLL PE32
Category FILE
Machine s1_win7_x6401
Started Aug. 6, 2021, 7:48 a.m.
Completed Aug. 6, 2021, 7:48 a.m.
Size 378.0KB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 56fafea4cf301271c70b9bbacc5409b5
SHA256 9afda49b506c5f67986f5fabc59856f49f79c1cdee5b49af03d51c4ff61e78ab
CRC32 23D6CFC9
ssdeep 6144:L9bM+jk3oo6VaNlG6RLIdvAfV8c47boXLRQLPD6+FtccxDaDGa2Kd:8oo+aNvOdvwuclXLRqPD1ZxDAGan
PDB Path damn.pdb
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsDLL - (no description)
  • Is_DotNET_DLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path damn.pdb
FireEye Generic.mg.56fafea4cf301271
CrowdStrike win/malicious_confidence_90% (W)
APEX Malicious
Sophos ML/PE-A
Cynet Malicious (score: 100)
section .text (size_of_data 0x0005dc00, virtual_address 0x00002000, virtual_size 0x0005daf4) entropy 7.308188460992658 description A section with a high entropy has been found
entropy 0.993377483444 description Overall entropy of this PE file is high