Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 23, 2021, 8:54 a.m.	Sept. 23, 2021, 9 a.m.

Size	216.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e50df54836bd38c86239e7f49917cb1c`
SHA256	`25ff1ca479a76808bc6375b28d9c0905aece5d31a98f27ef39afdfafa060996a`
CRC32	`D396E1D9`
ssdeep	`3072:OokgnLIbp7Xh1THa2ok6bhL1cIGo54IVLSQEOJH4yhJuIJB:LkgnLm7R1T62hqhL1pMIz5JHHz`
PDB Path	C:\humerepe-52\zimo.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\humerepe-52\zimo.pdb

resource name

FIBOLUWAWABUROBI

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 23, 2021, 8:54 a.m.	process_identifier: 620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005be000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 23, 2021, 8:54 a.m.	process_identifier: 620 region_size: 110592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0001f200', u'virtual_address': u'0x00001000', u'entropy': 7.546384086029746, u'name': u'.text', u'virtual_size': u'0x0001f02c'}

entropy

7.54638408603

description

A section with a high entropy has been found

entropy

0.579069767442

description

Overall entropy of this PE file is high

vbc.exe