popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

sys.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 9, 2021, 11:23 a.m. Aug. 9, 2021, 11:28 a.m.
Size 775.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e4ec80c2fd3c010788215a45cd7569dc
SHA256 89c6800c3bb737ea1652c5280b4e0582fe8e2acd4c9298f691211c1a7bb1f601
CRC32 838BD76E
ssdeep 12288:gVmrjy02JLWXXSUnad8SQavkpAcPEsFux2TMj23oaBIQuSLtkzv0D3Tm:Ry0uLyiUfSQaKXP0cD3PBIQMzcD3T
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section {u'size_of_data': u'0x00043400', u'virtual_address': u'0x00062000', u'entropy': 6.88384507948169, u'name': u'.rdata', u'virtual_size': u'0x00043378'} entropy 6.88384507948 description A section with a high entropy has been found
entropy 0.347545219638 description Overall entropy of this PE file is high
Elastic malicious (high confidence)
McAfee Artemis!E4EC80C2FD3C
Malwarebytes MachineLearning/Anomalous.94%
Cybereason malicious.2fd3c0
Symantec ML.Attribute.HighConfidence
APEX Malicious
McAfee-GW-Edition BehavesLike.Win32.Injector.bh
Microsoft Trojan:Win32/Glupteba!ml
Cynet Malicious (score: 100)
Avast Win32:Malware-gen
AVG Win32:Malware-gen