Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 27, 2021, 9:58 a.m.	Oct. 27, 2021, 10:13 a.m.

Size	506.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`afdd13f1365200afbcadcfe2c702c785`
SHA256	`51eab6aff3092c459dd6e33b5c86b89e5295271923e505eac4fc4f9b31e27482`
CRC32	`75F36934`
ssdeep	`12288:slJdBJ5P3FqXESsB6lcVLpkJFeZ3kl6N9yCZ9bR:slJdBJNFIs7VmFeal6KI`
PDB Path	C:\mol\20_culoluyu_regohazufey14-riduzevonolugu91\neyo.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\mol\20_culoluyu_regohazufey14-riduzevonolugu91\neyo.pdb

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 27, 2021, 9:58 a.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 323584 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0073a000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Oct. 27, 2021, 9:58 a.m.	process_identifier: 2364 region_size: 581632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00075400', u'virtual_address': u'0x00001000', u'entropy': 7.689747326377157, u'name': u'.text', u'virtual_size': u'0x00075324'}

entropy

7.68974732638

description

A section with a high entropy has been found

entropy

0.928712871287

description

Overall entropy of this PE file is high

game.exe