Summary | ZeroBOX

Op.gg.exe

Tags: Malicious Packer, Admin Tool (Sysinternals etc ...), Malicious Library, PE64, PE File
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 1, 2021, 1:32 p.m. Oct. 1, 2021, 1:33 p.m.
Size 7.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ee228a1b9d71fc6381e15e9364bf8fb9
SHA256 833766f9eaf2d9a80e31d1da7d2e15c41fd5b9b76458716f86e23218f2014ec7
CRC32 B556A5FA
ssdeep 196608:Q9aZYBt8WuXqGKfgU4p+WYjU6mYejM+iGkbu:icCt8z6lY5pzYrzejrp
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • themida_packer - themida packer

DNS lookups (Name / Response / Post-Analysis Lookup): no hosts contacted.
Hosts (IP Address / Status / Action): no hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Section names observed: (unnamed), .themida, .boot

Sections with high entropy (description: A section with a high entropy has been found)
Name       Virtual address  Virtual size  Size of data  Entropy
(unnamed)  0x00001000       0x00019c30    0x0000ce00    7.978728354291742
(unnamed)  0x0001b000       0x000041e0    0x00004200    7.969303245447238
(unnamed)  0x00021000       0x00003c90    0x00001200    7.685160838596186
(unnamed)  0x00025000       0x000013b0    0x00000c00    7.54686769481406
(unnamed)  0x00027000       0x000011e8    0x00000600    7.703723936327538
(unnamed)  0x00030000       0x00011518    0x00007000    7.944297072322408
(unnamed)  0x00042000       0x00002e1a    0x00000c00    7.287977201049428
(unnamed)  0x00045000       0x00007a20    0x00003a00    7.9499357908115185
(unnamed)  0x0004d000       0x000020e0    0x00000800    7.579814313460587
(unnamed)  0x00050000       0x000007b0    0x00000400    7.740793070928166
(unnamed)  0x00051000       0x00011a18    0x00004600    7.912836574208688
(unnamed)  0x00063000       0x00001580    0x00000600    7.105060162331991
.boot      0x00ce4000       0x0073ee00    0x0073ee00    7.967868864068812

Overall entropy of this PE file is high (entropy 0.975305881097).
Antivirus detections (Vendor / Detection)
Lionic Trojan.Win64.Agentb.trtl
MicroWorld-eScan Trojan.GenericKD.37633168
FireEye Generic.mg.ee228a1b9d71fc63
McAfee Artemis!EE228A1B9D71
K7AntiVirus Trojan ( 00587fa41 )
Alibaba Trojan:Win64/GenKryptik.4b5dc7a7
K7GW Trojan ( 00587fa41 )
Cybereason malicious.64fc3b
ESET-NOD32 a variant of Win64/GenKryptik.FKTG
APEX Malicious
Paloalto generic.ml
BitDefender Trojan.GenericKD.37633168
Avast Win64:Trojan-gen
Ad-Aware Trojan.GenericKD.37633168
Emsisoft Trojan.GenericKD.37633168 (B)
McAfee-GW-Edition BehavesLike.Win64.Generic.wc
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Krypt
Avira TR/Crypt.Agent.rogxp
MAX malware (ai score=80)
Gridinsoft Trojan.Heur!.032100A3
Microsoft Trojan:Win32/Wacatac.B!ml
GData Trojan.GenericKD.37633168
Cynet Malicious (score: 99)
ALYac Trojan.GenericKD.37633168
SentinelOne Static AI - Suspicious PE
Fortinet Malicious_Behavior.SB
AVG Win64:Trojan-gen
CrowdStrike win/malicious_confidence_60% (D)