Summary | ZeroBOX

SalmonFlora.exe

VMProtect Malicious Library PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Oct. 1, 2021, 9:24 a.m.
Completed: Oct. 1, 2021, 9:46 a.m.
Size: 5.2MB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: e277207bfd455a387fe52aaa65f4e9b0
SHA256: a4c3d60102ff72d89963df742fd50a4b7dc32a23ea3cf7a78dd3a4685397d270
CRC32: 04761941
ssdeep: 98304:J0lzpavFrqTjdroC9Sjt99e4ZSF9pFPHlzbQCY:gFmadoDg4Zs979Q
Yara
  • VMProtect_Zero - VMProtect packed file
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Arguments: (none)
Status: 1
Return: 1
Repeated: 0
section .vmp0
section .vmp1
Time & API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1896
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00370000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0
section .vmp1 (virtual_address 0x00323000, virtual_size 0x0053c7c0, size_of_data 0x0053c800, entropy 7.956619365466163) description A section with a high entropy has been found
entropy 0.999627143922 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ransom.EasyRansom.1
FireEye Generic.mg.e277207bfd455a38
McAfee Artemis!E277207BFD45
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 7000001c1 )
Alibaba Trojan:Win32/VMProtBad.ee1b294c
K7GW Trojan ( 7000001c1 )
CrowdStrike win/malicious_confidence_80% (D)
BitDefenderTheta Gen:NN.ZexaF.34170.@FW@aCEvxlii
Symantec ML.Attribute.HighConfidence
APEX Malicious
ClamAV Win.Malware.Vmprotbad-9867392-0
BitDefender Gen:Variant.Ransom.EasyRansom.1
Avast Win32:Malware-gen
Ad-Aware Gen:Variant.Ransom.EasyRansom.1
Sophos Mal/VMProtBad-A
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Emsisoft Gen:Variant.Ransom.EasyRansom.1 (B)
SentinelOne Static AI - Malicious PE
Avira HEUR/AGEN.1144545
Microsoft Trojan:Win32/Tnega!ml
GData Gen:Variant.Ransom.EasyRansom.1
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.AGEN.C4482320
ALYac Gen:Variant.Ransom.EasyRansom.1
MAX malware (ai score=80)
Malwarebytes Trojan.MalPack.VMP
Rising Trojan.Generic@ML.100 (RDML:547ujYJ3WIZLAnkiwiodgQ)
Ikarus Trojan.Win32.Agent
eGambit Unsafe.AI_Score_99%
Fortinet W32/Agent.ADER!tr
AVG Win32:Malware-gen
MaxSecure Trojan.Malware.300983.susgen