Summary | ZeroBOX

file.exe

Tags: Malicious Library, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: Sept. 23, 2021, 5:15 p.m.
Completed: Sept. 23, 2021, 5:22 p.m.
Size 367.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fb38ecfc9a0b6f8d92beee0528483d9e
SHA256 0f342c0f781368f35e15cb470962b7eda145f6861417b1f687d6eb03878401fe
CRC32 91858654
ssdeep 6144:lvE3I5QZbo3Ak+QBqgncix+8CNYpqKwTscCr7:lvE3I5QZblkeDa+pupUP
PDB Path C:\rowe\xesakoget\wabamu\duyulunenoduz.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status Action
188.165.222.221 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\rowe\xesakoget\wabamu\duyulunenoduz.pdb
resource name HOXOVIGUBUPUWILUSI
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory

process_identifier: 2084
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 155648
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02d3a000
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 2084
region_size: 286720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02bb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0
section name: .data
  size_of_data: 0x00025e00
  virtual_address: 0x00023000
  virtual_size: 0x0276aee0
  entropy: 7.928014970949083
description: A section with a high entropy has been found
entropy: 0.413369713506
description: Overall entropy of this PE file is high
host 188.165.222.221
Antivirus Vendor Detection
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Convagent.3!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37628830
FireEye Generic.mg.fb38ecfc9a0b6f8d
CAT-QuickHeal Ransom.Stop.Z5
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
Alibaba Trojan:Win32/Kryptik.c8fe2068
Cybereason malicious.22101b
Cyren W32/Kryptik.FIO.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMOO
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Agent.gen
BitDefender Trojan.GenericKD.37628830
Avast FileRepMalware
Ad-Aware Trojan.GenericKD.37628830
McAfee-GW-Edition BehavesLike.Win32.Generic.fh
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.Gen
Avira TR/AD.Azorultpp.pjgxe
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Downloader.vb
Microsoft Trojan:Win32/Azorult!ml
GData Trojan.GenericKD.37628830
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.MalPE.R442437
Acronis suspicious
McAfee Packed-GDT!FB38ECFC9A0B
VBA32 Malware-Cryptor.Azorult.gen
Malwarebytes Trojan.MalPack.GS
TrendMicro-HouseCall TROJ_FRS.VSNW16I21
Ikarus Trojan.Win32.Crypt
eGambit Unsafe.AI_Score_79%
Fortinet W32/Kryptik.HMOO!tr
BitDefenderTheta Gen:NN.ZexaF.34170.wu0@aiMwFalO
AVG FileRepMalware
CrowdStrike win/malicious_confidence_90% (W)
MaxSecure Trojan.Malware.300983.susgen