Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 11, 2021, 2:58 p.m.	Sept. 11, 2021, 3:14 p.m.

Size	739.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e9374bbefcce30c811d2f0091f1886c3`
SHA256	`fc9ff1351c41668d1e590c1a0cb471743e4e71d82e6011946cfe189c75980b00`
CRC32	`D1113DA5`
ssdeep	`12288:OiiM1YOcKlCm+43fZWZKLiaC67+BefHtkXfVWEEZ16GQKOsK2npi8Yd+5V:KM1aKG43QZGJ+qHtcCrQRsK2nxYSV`
PDB Path	C:\zuvicukudezum\noji\xahi\zexinacukezu_gexixo\lutuz\milu.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library Trojan_DarkSide_Ransomware_1_Zero - Darkside Ransomware IsPE32 - (no description)

e9374bbefcce30c811d2f0091f1886c3.exe "C:\Users\test22\AppData\Local\Temp\e9374bbefcce30c811d2f0091f1886c3.exe"
1116

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\zuvicukudezum\noji\xahi\zexinacukezu_gexixo\lutuz\milu.pdb

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 11, 2021, 2:58 p.m.	process_identifier: 1116 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 503808 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0300e000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 11, 2021, 2:58 p.m.	process_identifier: 1116 region_size: 856064 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0007b000', u'virtual_address': u'0x00026000', u'entropy': 7.988378348431419, u'name': u'.data', u'virtual_size': u'0x02783c5c'}

entropy

7.98837834843

description

A section with a high entropy has been found

entropy

0.666215301286

description

Overall entropy of this PE file is high

e9374bbefcce30c811d2f0091f1886c3.exe