Summary | ZeroBOX

faster4upusa.exe

PE64 PE File
Category FILE
Machine s1_win7_x6402
Started Sept. 7, 2021, 2:59 p.m.
Completed Sept. 7, 2021, 2:59 p.m.
Size 589.9KB
Type MS-DOS executable, MZ for MS-DOS
MD5 9eff1fa203474d2c90d490415fd380c9
SHA256 df135888390b1095d03f34e73f600e51f27a338503b99794507749340dac7518
CRC32 AB5C3545
ssdeep 12288:a7iuUvUF2Jx92MoBFJ+Vy2S7Y/BQdx3LpYV/Fd9:a7iuUveDJ+V/S8ZOx7pKNd9
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP traffic (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .MPRESS1
section .MPRESS2
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77950895
stacktrace+0x84 memdup-0x1af @ 0x74e70470
hook_in_monitor+0x45 lde-0x133 @ 0x74e642ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74e83603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefde43243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefde431fb
faster4upusa+0xc1ab7 @ 0x1400c1ab7
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x77202ef0
0x13afff

exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address: 0x77950895
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 329877
registers.r14: 0
registers.r15: 0
registers.rcx: 4388408
registers.rsi: 5370003456
registers.r10: 0
registers.rbx: 1998597872
registers.rsp: 4390664
registers.r11: 514
registers.r8: 64
registers.r9: 4
registers.rdx: 4389752
registers.r12: 0
registers.rbp: 0
registers.rdi: 5368709487
registers.rax: 4388088
registers.r13: 0
Status 1 Return 0 Repeated 0
Signature: A section with a high entropy has been found
  section .MPRESS1: size_of_data 0x00063400, virtual_address 0x00001000, virtual_size 0x0013c000, entropy 7.999529557850438
Signature: Overall entropy of this PE file is high
  entropy 0.685073339085
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Cybereason malicious.c8847e
Kaspersky UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition Artemis!Trojan
SentinelOne Static AI - Suspicious PE
Gridinsoft Trojan.Win64.AutoIt.dd!i
McAfee Artemis!9EFF1FA20347
Ikarus Trojan.SmallAHKDownloader
eGambit PE.Heur.InvalidSig
CrowdStrike win/malicious_confidence_70% (W)
MaxSecure Trojan.Malware.300983.susgen