Summary | ZeroBOX

loader1.exe

Tags: Generic Malware, UPX, PE32, PE File

Category  Machine        Started                   Completed
FILE      s1_win7_x6401  Aug. 26, 2021, 9:19 a.m.  Aug. 26, 2021, 9:19 a.m.

Size    368.0KB
Type    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5     6cd0a4f10dabb456456d0b7336f13116
SHA256  71335267a0a48bbcf678e354b421445d3db926ec5dd9b40c2a004cebb9b166f0
CRC32   E35C1B4D
ssdeep  6144:N4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0PzL:GXe9PPlowWX0t6mOQwg1Qd15CcYk0Web
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Name       Response        Post-Analysis Lookup
a.uguu.se  144.76.201.136

IP Address      Status  Action
144.76.201.136  Active  Moloch
164.124.101.2   Active  Moloch

Time & API Arguments Status Return Repeated

IsDebuggerPresent
  (no arguments)
  Status/Return/Repeated: 0 0

GlobalMemoryStatusEx
  (no arguments)
  Status/Return/Repeated: 1 1 0

NtProtectVirtualMemory
  process_identifier: 872
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x72a72000
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 872
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00fe0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0
section UPX1 (virtual_address 0x0008c000, virtual_size 0x00055000, size_of_data 0x00054200, entropy 7.937166295682316)  description: A section with a high entropy has been found
entropy 0.91689373297  description: Overall entropy of this PE file is high
section UPX0  description: Section name indicates UPX
section UPX1  description: Section name indicates UPX
Vendor             Detection
Bkav               W32.AIDetect.malware2
Lionic             Trojan.Multi.Generic.4!c
Elastic            malicious (high confidence)
FireEye            Generic.mg.6cd0a4f10dabb456
Cylance            Unsafe
Sangfor            Trojan.Win32.Save.a
Cybereason         malicious.d865fd
Cyren              W32/AutoIt.TA.gen!Eldorado
APEX               Malicious
Paloalto           generic.ml
Kaspersky          VHO:Trojan-Spy.Win32.Noon.bbrj
Avast              FileRepMalware
McAfee-GW-Edition  BehavesLike.Win32.Generic.fc
Sophos             Mal/Generic-R
eGambit            Unsafe.AI_Score_99%
Cynet              Malicious (score: 100)
McAfee             Artemis!6CD0A4F10DAB
MaxSecure          Trojan.Malware.300983.susgen
Webroot            Pua.Yukleyici
AVG                FileRepMalware
CrowdStrike        win/malicious_confidence_60% (W)