Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 1, 2021, 10:17 p.m.	Oct. 1, 2021, 10:22 p.m.

Size	393.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`151150f1623ec344306be5c20627f3e9`
SHA256	`80650dabfd063ebec610836ad8a675a6bccd7b14f14552e132729b523420ff8a`
CRC32	`2DAF99A3`
ssdeep	`6144:+JKfpLuUEssvdgRD7KKXe6qoPl/u4j1bHigxemF43SB+tqJL6GOOhxxdeTr/ekI:UcpCJvduaWqoPl/v12mW3SxL6kzxd6L`
PDB Path	C:\cupayecobiwune\fedasuc\83_dob.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\cupayecobiwune\fedasuc\83_dob.pdb

resource name	BUJAHAGIRAMOMEVAXESAB
resource name	YOCUSIDIHEBOSIZORIYEPASUGIHAXEDO
resource name	None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 1, 2021, 10:17 p.m.	process_identifier: 1160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 143360 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0088a000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 1, 2021, 10:17 p.m.	process_identifier: 1160 region_size: 196608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00034800', u'virtual_address': u'0x00001000', u'entropy': 7.763494931764623, u'name': u'.text', u'virtual_size': u'0x00034750'}

entropy

7.76349493176

description

A section with a high entropy has been found

entropy

0.535714285714

description

Overall entropy of this PE file is high

ferrarr.exe