Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 10, 2021, 5:42 p.m.	Aug. 10, 2021, 5:53 p.m.

Size	4.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`69175b19d2a89f83fa324703eebb755b`
SHA256	`d8ab124efa220626e005302ee31e0623901805603b67116fa5baae41829e62f1`
CRC32	`0A33740A`
ssdeep	`98304:dtG1sk31IjxYRPzCEqGQWxo+8hrWhbl6L5W3zcILrjjqKAvGLcHfj:fGKk3gazNQWP6LaNmSc/j`
PDB Path	C:\kuvolalupacivi87_juvucuwizex gazogixecuxevu vahologete_77\p.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

5674d7511aa1fce0a68969dc57375b63.exe "C:\Users\test22\AppData\Local\Temp\5674d7511aa1fce0a68969dc57375b63.exe"
1684

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
62.102.148.130	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\kuvolalupacivi87_juvucuwizex gazogixecuxevu vahologete_77\p.pdb

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 10, 2021, 5:42 p.m.	process_identifier: 1684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4440064 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03b10000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 10, 2021, 5:43 p.m.	process_identifier: 1684 region_size: 9592832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0043da00', u'virtual_address': u'0x00030000', u'entropy': 7.999668459670752, u'name': u'.data', u'virtual_size': u'0x032d74bc'}

entropy

7.99966845967

description

A section with a high entropy has been found

entropy

0.938715953307

description

Overall entropy of this PE file is high

host

62.102.148.130

5674d7511aa1fce0a68969dc57375b63.exe