Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 4, 2021, 10:10 a.m.	Oct. 4, 2021, 10:12 a.m.

Size	376.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`94fa890b7a91f842e006e1c7c795b616`
SHA256	`fa80322381b685e9bfbe9562b0f072e1075f2b2c72c9ed924c6d933455dad886`
CRC32	`48482C97`
ssdeep	`6144:IcZIY/cLq84cQZ8TH20w5sarZmdY8Ge+NEIOEDk/U9F+PJF6AnhrROhxxpeTr/et:/I3P4cQZaH24arP8G9Ntf9FEF6Anizxo`
PDB Path	C:\wewaze74_lalivuzokabos_pefey jibize51\boyalosujote72\kov.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\wewaze74_lalivuzokabos_pefey jibize51\boyalosujote72\kov.pdb

resource name	BUJAHAGIRAMOMEVAXESAB
resource name	YOCUSIDIHEBOSIZORIYEPASUGIHAXEDO
resource name	None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 4, 2021, 10:10 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 163840 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057a000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 4, 2021, 10:10 a.m.	process_identifier: 732 region_size: 274432 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00038c00', u'virtual_address': u'0x00001000', u'entropy': 7.810275153734996, u'name': u'.text', u'virtual_size': u'0x00038bb0'}

entropy

7.81027515373

description

A section with a high entropy has been found

entropy

0.604527296937

description

Overall entropy of this PE file is high

sefile3.exe