Summary | ZeroBOX

pub1.exe

Malicious Library UPX PE32 PE File
Category FILE
Machine s1_win7_x6402
Started Aug. 19, 2021, 7:04 p.m.
Completed Aug. 19, 2021, 7:15 p.m.
Size 279.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9a055238742093cce2d43b885779cdb2
SHA256 271ef3d1c323cc5e26fc653259ee79c6c06cf38509c37b0d669710841a60f5a6
CRC32 C897B2DC
ssdeep 6144:Tdu9QJPA6Tq46V+YXZCYkQGbdb2zE3ujwaaRIFB/M3c6:5pA6W46V+wCYkxBKWu9rFN6
PDB Path C:\guxobihopefan-zo.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
179.189.229.254 Active Moloch
182.253.210.130 Active Moloch
164.124.101.2 Active Moloch
221.147.172.5 Active Moloch
46.99.175.149 Active Moloch
46.99.188.223 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\guxobihopefan-zo.pdb
resource name FIDUSANEHODEZAY
resource name TAR
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
process_identifier: 2516
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 69632
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00283000
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2516
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02430000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0
section .data: size_of_data 0x00010e00, virtual_address 0x00026000, virtual_size 0x01f7871c, entropy 7.741632866021613; description: A section with a high entropy has been found
entropy 0.242805755396; description: Overall entropy of this PE file is high
host 179.189.229.254
host 182.253.210.130
host 221.147.172.5
host 46.99.175.149
host 46.99.188.223
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
FireEye Generic.mg.9a055238742093cc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefenderTheta Gen:NN.ZexaF.34088.rqW@aGfdXufK
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky VHO:Trojan.Win32.Agent.gen
Sophos ML/PE-A
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
SentinelOne Static AI - Malicious PE
Microsoft Trojan:Win32/Sabsik.TE.B!ml
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Artemis!9A0552387420
VBA32 Trojan.Azorult.a
Rising Malware.Obscure/Heur!1.A89F (CLASSIC)
Ikarus Trojan.Win32.Glupteba
MaxSecure Trojan.Malware.300983.susgen
Qihoo-360 HEUR/QVM10.1.5E77.Malware.Gen