Summary | ZeroBOX

sefile3.exe

Tags: UPX, Malicious Library, PE32, PE File
Category FILE
Machine s1_win7_x6402
Started Oct. 25, 2021, 4:53 p.m.
Completed Oct. 25, 2021, 4:56 p.m.
Size 443.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 44a8c9e3ca634b851c48ab01349f5d8a
SHA256 5832a25543508183b9ce020b0657ca338552b5c4548c48e2385ce1838ee66cad
CRC32 D5C0AE8C
ssdeep 12288:y8mOmM6hYG8lYj3PleAaee/Lk5gkdZ5H78ymKa:y4mM6hPT+VDk5D5H78Ia
PDB Path C:\ven-litusowo-noxacihipecori\ridamunigupu84\jetuya.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Domains

Name Response Post-Analysis Lookup
No hosts contacted.

Hosts

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signature marks

pdb_path: C:\ven-litusowo-noxacihipecori\ridamunigupu84\jetuya.pdb
resource name: AFX_DIALOG_LAYOUT
resource name: VURUDUYONECUS
resource name: XASOBEZEHAMUHEYENEXUT
resource name: None
API calls

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 2992
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 176128
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x011ba000
  process_handle: 0xffffffff
  status 1, return 0, repeated 0

NtAllocateVirtualMemory
  process_identifier: 2992
  region_size: 278528
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003b0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status 1, return 0, repeated 0
Entropy

section .text (virtual_address 0x00001000, virtual_size 0x0005ce10, size_of_data 0x0005d000) entropy 7.3246 description A section with a high entropy has been found
entropy 0.8416 description Overall entropy of this PE file is high
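How to read the two sections above: process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle, so both calls act on the sample's own address space. The stub commits 278528 bytes as PAGE_EXECUTE_READWRITE at 0x003b0000 and flips 176128 bytes at 0x011ba000 to RWX, which together with the UPX tag and a .text section at 7.32 bits per byte is the ordinary shape of a packer decrypting its payload in place. Note also that no host was contacted during the three-minute run, so the stealer names in the antivirus table below come from static signatures, not from observed behaviour. The script below is an added example written for this page, not ZeroBOX or Cuckoo code: it re-implements the RWX memory-event check over the two API records (API_LOG is constructed from them) and the per-section entropy rule, including a dependency-free PE section-table walk. The thresholds 6.8 bits per section and a 0.2 share of section data are my recollection of the Cuckoo packer_entropy signature defaults and are an assumption; build_test_image is a constructed stand-in for a sample on disk.

```python
"""Triage helpers for two indicators in the report: RWX memory events in the
API trace and high-entropy PE sections. Added example; not ZeroBOX code."""
import math
import struct
from collections import Counter

PAGE_EXECUTE_READWRITE = 0x40   # winnt.h; the low byte of a protection value is the access type
CURRENT_PROCESS = 0xFFFFFFFF    # GetCurrentProcess() pseudo-handle in a 32-bit process

# Constructed from the two calls in the report; a real trace holds thousands of records.
API_LOG = [
    {"api": "NtProtectVirtualMemory", "process_identifier": 2992, "process_handle": 0xFFFFFFFF,
     "base_address": 0x011BA000, "length": 176128, "protection": 64},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2992, "process_handle": 0xFFFFFFFF,
     "base_address": 0x003B0000, "region_size": 278528, "allocation_type": 0x1000, "protection": 64},
]

MEMORY_APIS = ("NtAllocateVirtualMemory", "NtProtectVirtualMemory", "VirtualAllocEx", "VirtualProtectEx")


def rwx_memory_events(log):
    """Every call that commits or re-protects memory as PAGE_EXECUTE_READWRITE.
    scope 'self' is the unpacker-stub pattern (decrypt into the caller's own
    address space); scope 'remote' points at injection into another process."""
    hits = []
    for rec in log:
        if rec["api"] not in MEMORY_APIS:
            continue
        if rec["protection"] & 0xFF != PAGE_EXECUTE_READWRITE:  # ignore PAGE_GUARD/NOCACHE modifier bits
            continue
        hits.append({
            "api": rec["api"],
            "base": rec["base_address"],
            "size": rec.get("length", rec.get("region_size")),
            "scope": "self" if rec["process_handle"] == CURRENT_PROCESS else "remote",
        })
    return hits


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes. Same measure
    the report prints per section."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Walk the PE section table without external libraries; returns [(name, raw bytes)]."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", image, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", image, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size]))
    return out


def packer_entropy_verdict(sections, section_threshold=6.8, ratio_threshold=0.2):
    """Assumed mirror of the Cuckoo packer_entropy signature: flag sections above the
    per-section threshold, then report the share of raw section data in flagged
    sections (the 'overall entropy' figure in the report)."""
    flagged, total, high = [], 0, 0
    for name, data in sections:
        e = shannon_entropy(data)
        total += len(data)
        if e > section_threshold:
            flagged.append((name, round(e, 3)))
            high += len(data)
    ratio = high / total if total else 0.0
    return {"sections": flagged, "ratio": ratio, "packed": ratio > ratio_threshold}


def build_test_image(sections):
    """Constructed stand-in for a sample on disk: DOS header, PE signature, COFF header
    with an empty optional header, section table, raw data. Enough for pe_sections();
    it is not a loadable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    data_off = 0x40 + len(coff) + 40 * len(sections)
    table, blob = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000,
                             len(data), data_off + len(blob), 0, 0, 0, 0, 0x60000020)
        blob += data
    return bytes(dos) + coff + table + blob
```

For a real sample replace build_test_image with `open(path, "rb").read()` and feed the bytes to pe_sections; on the image above, a .text section of uniformly distributed bytes next to an all-zero .rsrc section scores 8.0 and 0.0 bits per byte, giving a 0.8 high-entropy share and a packed verdict, and both API records come back as self-process RWX events.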
Antivirus

Engine Detection
Bkav W32.AIDetect.malware1
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Steam.21253
MicroWorld-eScan Trojan.GenericKD.47246737
FireEye Generic.mg.44a8c9e3ca634b85
McAfee Packed-GDT!44A8C9E3CA63
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005896171 )
Alibaba TrojanSpy:Win32/Stealer.13db31fd
K7GW Trojan ( 005896171 )
Cybereason malicious.f3a042
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HNBE
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Trojan.GenericKD.47246737
Avast FileRepMalware
Ad-Aware Trojan.GenericKD.47246737
Sophos Mal/Generic-S
Baidu Win32.Trojan.Kryptik.jm
McAfee-GW-Edition Packed-GDT!44A8C9E3CA63
Emsisoft Trojan.GenericKD.47246737 (B)
Ikarus Win32.Outbreak
Webroot W32.Trojan.Gen
MAX malware (ai score=86)
Gridinsoft Trojan.Win32.Packed.ns
Microsoft Trojan:Win32/Azorult.FW!MTB
GData Win32.Packed.Kryptik.6ETZBD
Cynet Malicious (score: 100)
AhnLab-V3 Ransomware/Win.STOP.R446911
Acronis suspicious
Malwarebytes Trojan.MalPack.GS
TrendMicro-HouseCall TROJ_GEN.R002H06JO21
Rising Trojan.Generic@ML.88 (RDML:l4G5YqEizmtWDhmdGwmSeg)
SentinelOne Static AI - Malicious PE
Fortinet W32/Kryptik.HNBB!tr
AVG FileRepMalware
CrowdStrike win/malicious_confidence_100% (W)