Summary | ZeroBOX

GetFile2

Generic Malware UPX .NET DLL PE File DLL PE32
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 11, 2021, 5:42 p.m. Aug. 11, 2021, 5:57 p.m.
Size 1.4MB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 664e5caa0860705e1d5b56f39b97b359
SHA256 1d9792547b612f5521083edcdf440a8e6dece47d056e69bed5b08575c57c44ff
CRC32 4B712205
ssdeep 24576:UZv8IF/xYCUH67pdVRuCubTb5qpKu2dm8rZNpJ0rIFPeeLSm4YJaRX9kTIO+0wg:Mv8JH6fOTb5qpMmxIFDSVYMXeMO
Yara
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • IsDLL - (no description)
  • Is_DotNET_DLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A section with a high entropy has been found
  section .text: virtual_address 0x00002000, virtual_size 0x00159d9c, size_of_data 0x00159e00, entropy 7.537670263855748
Overall entropy of this PE file is high
  entropy 0.998916967509
Lionic Trojan.Win32.Bulz.4!c
FireEye Gen:Variant.Bulz.595993
McAfee Artemis!664E5CAA0860
Sangfor Suspicious.Win32.Bulz.595993
Arcabit Trojan.Bulz.D91819
BitDefender Gen:Variant.Bulz.595993
MicroWorld-eScan Gen:Variant.Bulz.595993
Ad-Aware Gen:Variant.Bulz.595993
Emsisoft Gen:Variant.Bulz.595993 (B)
McAfee-GW-Edition Artemis
Sophos Generic ML PUA (PUA)
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Bulz.595993
ALYac Gen:Variant.Bulz.595993
MAX malware (ai score=80)
TrendMicro-HouseCall TROJ_GEN.R002H09HA21
Qihoo-360 Win32/Trojan.Generic.HgkASaEA