Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 11, 2021, 5:42 p.m.	Aug. 11, 2021, 5:56 p.m.

Size	205.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9d06a1ead98bff1e324534185ff02cb1`
SHA256	`02c6d31dbcb21b0dc30be090c2e215dde62c0d2352e2c7deae8c185505a63f06`
CRC32	`89CE1819`
ssdeep	`3072:rqPEoHVW+7asbD5djj7vIgScsYh6gSVywo3c+:eu+7tnji7knGyHM`
PDB Path	C:\cuxima.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\cuxima.pdb

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 11, 2021, 5:42 p.m.	process_identifier: 1768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002fc000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 11, 2021, 5:42 p.m.	process_identifier: 1768 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00012400', u'virtual_address': u'0x00001000', u'entropy': 7.294317909088772, u'name': u'.text', u'virtual_size': u'0x000123a4'}

entropy

7.29431790909

description

A section with a high entropy has been found

entropy

0.357843137255

description

Overall entropy of this PE file is high

svchost.exe