Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 20, 2021, 9:31 a.m.	Sept. 20, 2021, 9:38 a.m.

Size	244.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5b0002ddfa1c1b46a02302357915acae`
SHA256	`3c0f7bf5a5d3411d3850c3274f4d54a706838ea4c98fa7b9bf1aa24b6120d0f2`
CRC32	`DE32E045`
ssdeep	`3072:KmZQ6k3h6nvj+7fNnNmNLFXDF/xsAOXNmE7I8JRDeESzw5TxHsikO0n/1OuMnQc8:KmZQ6ZnvMVnyLFXDF8XYt4FL0dIQc8`
PDB Path	C:\kigazepuy_cepu.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\kigazepuy_cepu.pdb

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 20, 2021, 9:31 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 69632 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002fa000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 20, 2021, 9:31 a.m.	process_identifier: 2648 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00011000', u'virtual_address': u'0x00026000', u'entropy': 7.760868491538167, u'name': u'.data', u'virtual_size': u'0x0001ee7c'}

entropy

7.76086849154

description

A section with a high entropy has been found

entropy

0.279835390947

description

Overall entropy of this PE file is high

pub6.exe