popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Igno.exe

Malicious Library OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 22, 2021, 9:50 a.m. Sept. 22, 2021, 10:06 a.m.
Size 700.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 861f9b74fd5fad95a95ea1c1d043f814
SHA256 588d2e6006a25d7774b4ae702841451047dd79c20c3f35bbb1260182f65c4a15
CRC32 BEAD32C9
ssdeep 12288:Jz15ug8LPvP2NruBEs8g94NwrXsrSZWtmmIqXOkPkK+NkMAGQm:r5YLONCB194iorSZNmIq+iQNAm
PDB Path C:\wugadun.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\wugadun.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2948
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 507904
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0058a000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2948
region_size: 868352
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00670000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0007be00', u'virtual_address': u'0x00026000', u'entropy': 7.987975080133797, u'name': u'.data', u'virtual_size': u'0x00089d60'} entropy 7.98797508013 description A section with a high entropy has been found
entropy 0.70886981402 description Overall entropy of this PE file is high
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fragtor.23876
FireEye Generic.mg.861f9b74fd5fad95
CAT-QuickHeal Ransom.Stop.Z5
ALYac Gen:Variant.Fragtor.23876
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefenderTheta Gen:NN.ZexaF.34170.Ru0@ai8U5HdO
Cyren W32/Kryptik.EYC.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky VHO:Exploit.Win32.Convagent.gen
BitDefender Gen:Variant.Fragtor.23876
Rising Trojan.Generic@ML.89 (RDML:EZa6cHsegVwJ9WZRqU9uXg)
Ad-Aware Gen:Variant.Fragtor.23876
Emsisoft Gen:Variant.Fragtor.23876 (B)
McAfee-GW-Edition BehavesLike.Win32.Generic.bc
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
MAX malware (ai score=87)
Arcabit Trojan.Fragtor.D5D44
GData Gen:Variant.Fragtor.23876
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Packed-GDT!861F9B74FD5F
VBA32 Malware-Cryptor.Azorult.gen
Cybereason malicious.b307e2