popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

14.exe

Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Sept. 20, 2021, 9:32 a.m. Sept. 20, 2021, 9:49 a.m.
Size 312.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 25b544886f92efc35d16afae0ccbe885
SHA256 cd517a0b8edbf878a10147ece991468cd24a8e8dc17ad7afa098c82894a7ee63
CRC32 E6F37135
ssdeep 6144:nJZQqHG9EOclBo6k3uoCfr2afGK5mAYK6Q3zLgjVIYSZ09:JZ3OclBoaoCfrHfG5DqMOX
PDB Path C:\zipu\miyizevojegib28\vixaxufuyolige_jatami\yajihasutas.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\zipu\miyizevojegib28\vixaxufuyolige_jatami\yajihasutas.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 180
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 143360
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004ea000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 180
region_size: 196608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
name RT_ACCELERATOR language LANG_SERBIAN filetype data sublanguage SUBLANG_ARABIC_MOROCCO offset 0x0005a6f0 size 0x00000078
name RT_ACCELERATOR language LANG_SERBIAN filetype data sublanguage SUBLANG_ARABIC_MOROCCO offset 0x0005a6f0 size 0x00000078
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_ARABIC_MOROCCO offset 0x0005a768 size 0x00000124
name RT_VERSION language LANG_SERBIAN filetype data sublanguage SUBLANG_ARABIC_MOROCCO offset 0x0005a768 size 0x00000124
section {u'size_of_data': u'0x00023800', u'virtual_address': u'0x00026000', u'entropy': 7.918106223839601, u'name': u'.data', u'virtual_size': u'0x000317bc'} entropy 7.91810622384 description A section with a high entropy has been found
entropy 0.455858747994 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fragtor.22696
McAfee GenericRXAA-AA!25B544886F92
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.13ed73
BitDefenderTheta Gen:NN.ZexaF.34142.tuW@aufdDVkO
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMNK
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Injuke.gen
BitDefender Gen:Variant.Fragtor.22696
Avast Win32:PWSX-gen [Trj]
Ad-Aware Gen:Variant.Fragtor.22696
Emsisoft Gen:Variant.Fragtor.22696 (B)
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
FireEye Generic.mg.25b544886f92efc3
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Fragtor.22696
MaxSecure Trojan.Malware.300983.susgen
Arcabit Trojan.Fragtor.D58A8
Microsoft PWS:MSIL/RedLine.GG!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.MalPE.R442032
Acronis suspicious
VBA32 Malware-Cryptor.Azorult.gen
MAX malware (ai score=88)
Malwarebytes Trojan.MalPack
Rising Trojan.Kryptik!1.D975 (CLASSIC)
Ikarus Trojan.Win32.Glupteba
eGambit Unsafe.AI_Score_98%
Fortinet W32/Kryptik.HMNI!tr
AVG Win32:PWSX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (D)