Summary | ZeroBOX

pysnake.exe

Tags: Gen1, Generic Malware, UPX, Malicious Library, Malicious Packer, Anti_VM, PE64, PE File, OS Processor Check, DLL
Category FILE
Machine s1_win7_x6402
Started Aug. 13, 2021, 8:10 p.m.
Completed Aug. 13, 2021, 8:21 p.m.
Size 21.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 eff22c6f6beec66c74ccd00fb1a4b708
SHA256 45a3cf3b9fe14d68e6e67ba32c9efb36df82cf3435f2ec229fb687f59ab06ebf
CRC32 24CD24A8
ssdeep 393216:OEbtkOBCEDSamg1KLW9XvGdXtgagXrhhIV8jXTyywYqJKU40iFwTJY2ciIrHWF+c:jtbCEDvKLKXeEr7OimgqJKiTvIL+EbCL
Yara
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx
(no arguments)
Status: 1  Return: 1  Repeated: 0
section _RDATA
Time & API | Arguments | Status | Return | Repeated

NtProtectVirtualMemory

process_identifier: 1796
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef6d79000
process_handle: 0xffffffffffffffff
Status: 1  Return: 0  Repeated: 0
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libtiff-5.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\SDL2.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libmodplug-1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libvorbis-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libpng16-16.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libogg-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\SDL2_mixer.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libfreetype-6.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\portmidi.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libmpg123-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libFLAC-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libwebp-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libjpeg-9.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\python39.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-handle-l1-1-0.dll
section .rsrc (size_of_data 0x0000f600, virtual_address 0x0004b000, virtual_size 0x0000f4e4, entropy 7.555725884909961) entropy 7.55572588491 description A section with a high entropy has been found
entropy 0.214285714286 description Overall entropy of this PE file is high
McAfee Artemis!EFF22C6F6BEE
Cyren W64/S-d6d7eeed!Eldorado
APEX Malicious
Avast FileRepMalware
Zillya Trojan.Disco.Win32.1337
McAfee-GW-Edition Artemis
Jiangmin Trojan.PSW.Python.dx
Antiy-AVL Trojan/Generic.ASMalwS.34493BB
Cynet Malicious (score: 100)
Malwarebytes Generic.Trojan.Malicious.DDS
AVG FileRepMalware
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libtiff-5.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\surface.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libvorbis-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\freesansbold.ttf
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\color.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\font.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\setuptools-56.0.0.dist-info\INSTALLER
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libogg-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libopenblas.XWYDX2IKJW2NMTWSFYNGFUWKQU3LYTCZ.gfortran-win_amd64.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\constants.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\snake.exe.manifest
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\SDL2.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\_multiprocessing.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\_overlapped.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\numpy\core\_multiarray_tests.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\numpy\random\_philox.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\image.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libvorbisfile-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\numpy\random\_bounded_integers.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\_freetype.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\time.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libopus-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\SDL2_image.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\pygame_icon.bmp
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\pygame\scrap.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\numpy\random\mtrand.cp39-win_amd64.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libFLAC-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\libpng16-16.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI24562\numpy\fft\_pocketfft_internal.cp39-win_amd64.pyd