Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 7, 2021, 9:47 a.m.	Nov. 7, 2021, 10:08 a.m.

Size	234.1KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`2f10ba7d7cabbff26172fa9befcac2c2`
SHA256	`2c41b190dbd4c3925c50199bea5d0dd4a6a58f8f89e01c3e1635c35d599b264e`
CRC32	`9EFC89D6`
ssdeep	`3072:b5/6jjhOWoqmYstRQs+eR2Wu96+EqEkGTqBQMwVo+PBbhOP3xJPpokK3Bl6DU3ue:bJ6Zv6ntRQwsc+E9fBw37pVDUuNz5ViP`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,DllUnregisterServer
2444
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,DllRegisterServer
2328
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,DllRegisterServer
  2724
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,aerghlnbbneduhs
2580
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,aerghlnbbneduhs
  2864
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,aiwkkcxryot
2676
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,aiwkkcxryot
  2940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,aquncxxeyeri
2808
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,aquncxxeyeri
  3060
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,asyfquhsdv
2976
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,asyfquhsdv
  2148
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,avdpulh
2224
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,avdpulh
  2504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ayoizyblkjcr
2604
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ayoizyblkjcr
  2820
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bhlgvbmxhbafwsf
2800
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bhlgvbmxhbafwsf
  2964
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bkrpcjqxuyr
2868
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bkrpcjqxuyr
  2408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bnmzzfyna
2372
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bnmzzfyna
  2144
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bwnwjabnjpwijex
2688
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,bwnwjabnjpwijex
  2620
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,cacdjzuef
3068
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,cacdjzuef
  2140
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,cdxvnjhfxbez
2560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,cdxvnjhfxbez
  2092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,denawhfigtalypxym
2672
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,denawhfigtalypxym
  3052
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,dvvqsfnc
2136
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,dvvqsfnc
  2484
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,eqmcmblcbtt
2020
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,eqmcmblcbtt
  2700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ewqmfuwwehfcgx
2760
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ewqmfuwwehfcgx
  416
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,favxquprprvm
552
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,favxquprprvm
  2472
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fblrjzv
200
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fblrjzv
  1536
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fdbpvduyvrvsit
1876
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fdbpvduyvrvsit
  2516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ffqeumpyhjipb
2904
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ffqeumpyhjipb
  840
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,forjyoidxgkprwj
108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,forjyoidxgkprwj
  1488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fqqhnnasigcs
2644
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fqqhnnasigcs
  3152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ftxsissa
3224
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ftxsissa
  3296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fvqyrygloq
3352
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,fvqyrygloq
  3436
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,gbliyelkopoquz
3496
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,gbliyelkopoquz
  3576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,glxxpla
3636
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,glxxpla
  3748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,goallyvllcrfsek
3740
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,goallyvllcrfsek
  3848
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,gofzzigktnlecxmv
3908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,gofzzigktnlecxmv
  3972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,gqnepbdhebsmgoxp
4052
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,gqnepbdhebsmgoxp
  3184
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,hnqxeiwmii
1116
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,hnqxeiwmii
  536
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,hpcondmuqmrhlvk
3412
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,hpcondmuqmrhlvk
  3512
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ilixbtuwmbjbeyg
1804
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ilixbtuwmbjbeyg
  3696
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ipbpwjoqw
3772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ipbpwjoqw
  3916
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ipovsognxmp
3124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ipovsognxmp
  3244
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,itwgvvlqwu
3428
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,itwgvvlqwu
  1672
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,kgmrsveokahapodhd
3592
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,kgmrsveokahapodhd
  3716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,klbyuahtj
3820
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,klbyuahtj
  3292
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,kukryymbvfyxx
3140
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,kukryymbvfyxx
  3444
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,kzyibsncymtnmoalb
3620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,kzyibsncymtnmoalb
  3668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,lohaxgg
2416
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,lohaxgg
  1696
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,louyhjskv
1396
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,louyhjskv
  3656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,lrxoldbfdmugw
3928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,lrxoldbfdmugw
  3276
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,majzgacyvcyi
2192
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,majzgacyvcyi
  3976
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,mxdizfhoj
2352
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,mxdizfhoj
  4080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,negcybzxgnawzh
3904
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,negcybzxgnawzh
  3256
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,niwxveuvmjmm
1168
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,niwxveuvmjmm
  3164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,njjlaru
3376
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,njjlaru
  3476
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,nkqvywbzprd
2196
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,nkqvywbzprd
  712
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,nmlrohxs
2040
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,nmlrohxs
  4188
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,nptuwsodr
4216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,nptuwsodr
  4328
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ntlbplaaystpjlkdo
4408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ntlbplaaystpjlkdo
  4492
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ogthdwobzu
4568
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ogthdwobzu
  4656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ousswsa
4688
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,ousswsa
  4780
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,pdzuvbhyzuy
4836
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,pdzuvbhyzuy
  5004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,pfhsbdoqbp
5040
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,pfhsbdoqbp
  3608
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,picnnoyxzaxptsgh
4156
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,picnnoyxzaxptsgh
  4260
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,pzppcxnrb
3404
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,pzppcxnrb
  4480
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\leh5.dll,qegdbbkmucrpnd
4584

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 58 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 7, 2021, 9:39 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:39 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:39 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:39 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:39 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:40 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:47 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:48 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0
IsDebuggerPresent Nov. 7, 2021, 9:49 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00018000', u'virtual_address': u'0x00001000', u'entropy': 7.326937636204168, u'name': u'.text', u'virtual_size': u'0x00017ed0'}

entropy

7.3269376362

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0000ba00', u'virtual_address': u'0x0002e000', u'entropy': 7.201040492210626, u'name': u'.data', u'virtual_size': u'0x0000cb80'}

entropy

7.20104049221

description

A section with a high entropy has been found

entropy

0.611587982833

description

Overall entropy of this PE file is high

leh5

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All