Summary | ZeroBOX

OK.exe

Tags UPX, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started Dec. 30, 2021, 10:50 a.m.
Completed Dec. 30, 2021, 10:57 a.m.
Size 182.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 36c087cb423663c91959f045aa116c22
SHA256 402410a6afb5e119cbabd9f69bbc5e22ed0f2777a459fc81e02feb737f45e706
CRC32 DB31E0C6
ssdeep 3072:ybVcCJGB0z9goLCg9yd7HhSqCNJ+KntK2g33dfEwIjYKlSMpPEpTptc:ybiCJK0+oWg9yd70NJPntiewIUKkMqI
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
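The hash table and the three Yara tags above are what a static first pass establishes before the sample is ever run. The script below is an added example, not ZeroBOX code and not the OK.exe sample itself: it reproduces those checks with only the Python standard library (MZ/PE signature, PE32 for Intel 80386 via the COFF Machine and optional-header Magic fields, UPX section names, CRC32/MD5/SHA256 in the report's format) and additionally flags any section whose name is neither a UPX name nor a common compiler name, the kind of name the report lists as ".gda". The UPX check keys on the UPX0/UPX1/UPX2 section names, which is an assumption about what the page's UPX_Zero rule matches; ssdeep has no standard-library implementation and is left out. The bytes it runs on by default are a constructed minimal PE header built in-script; pass a real file path to triage it instead.

```python
"""Static PE triage: PE signature, PE32/i386, UPX section names, unusual
section names, and the report-style hashes.

Added example; not ZeroBOX code and not the OK.exe sample. The default
input is a constructed minimal PE header assembled by build_sample()."""
import hashlib
import struct
import zlib

IMAGE_FILE_MACHINE_I386 = 0x14C   # COFF Machine value for 32-bit x86
PE32_MAGIC = 0x10B                # optional-header Magic for PE32
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # assumption: what UPX_Zero keys on
COMMON_SECTION_NAMES = {b".text", b".data", b".rdata", b".bss", b".idata",
                        b".edata", b".rsrc", b".reloc", b".tls", b".CRT"}


def file_hashes(data):
    """MD5 / SHA256 / CRC32 formatted like the report's table."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def parse_pe(data):
    """Return (machine, optional-header magic, section names).

    Raises ValueError when the DOS/PE headers are missing or truncated,
    so a non-PE or damaged file is reported rather than misparsed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = 0
    if opt_size >= 2 and opt_off + 2 <= len(data):
        magic = struct.unpack_from("<H", data, opt_off)[0]
    sec_off = opt_off + opt_size
    names = []
    for i in range(nsections):
        off = sec_off + i * 40                # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return machine, magic, names


def triage(data):
    """Tags in the report's vocabulary plus hashes and section names."""
    machine, magic, names = parse_pe(data)
    tags = ["PE File"]
    if machine == IMAGE_FILE_MACHINE_I386 and magic == PE32_MAGIC:
        tags.append("PE32")
    if any(n in UPX_SECTION_NAMES for n in names):
        tags.append("UPX")
    unusual = [n.decode("latin-1") for n in names
               if n not in UPX_SECTION_NAMES and n not in COMMON_SECTION_NAMES]
    result = {"tags": tags,
              "sections": [n.decode("latin-1") for n in names],
              "unusual_sections": unusual}
    result.update(file_hashes(data))
    return result


def build_sample(section_names, machine=IMAGE_FILE_MACHINE_I386, magic=PE32_MAGIC):
    """Constructed minimal PE header (DOS header, COFF header, zeroed
    optional header, section table, no section data): test input only."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", magic) + b"\0" * (0xE0 - 2)
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs


# Constructed sample mirroring the report's tags: a UPX-packed PE32 that also
# carries the non-standard ".gda" section name the report lists.
SAMPLE = build_sample([b"UPX0", b"UPX1", b".gda"])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it with no arguments to see the constructed sample tagged PE File / PE32 / UPX with ".gda" reported as unusual; `python triage.py sample.exe` applies the same checks to a real file. Section-name heuristics are cheap and are exactly what a packer can change, so treat the UPX tag as a hint to unpack and re-hash, not as a verdict.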

Domains (Name / Response / Post-Analysis Lookup): no hosts contacted.
Hosts (IP Address / Status / Action): no hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gda
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: ff 34 30 31 14 24 43 8f 04 30 68 02 c0 41 31 59
exception.symbol: ok+0x501c
exception.instruction: push dword ptr [eax + esi]
exception.module: OK.exe
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 20508 (0x501c)
exception.address: 0x17501c
registers.esp: 3865668 (0x3afc44)
registers.edi: 4294967295 (0xffffffff)
registers.eax: 1436 (0x59c)
registers.ebp: 3865676 (0x3afc4c)
registers.edx: 826392578 (0x3141c002)
registers.ebx: 2130567166 (0x7efddffe)
registers.esi: 4214832 (0x405030)
registers.ecx: 0
Status 1 / Return 0 / Repeated 0

Reading of the record: the instruction bytes decode to push dword ptr [eax+esi]; xor dword ptr [esp], edx; inc ebx; pop dword ptr [eax+esi]; push 0x3141c002; pop ecx, i.e. one round of a loop that XORs the dword at [eax+esi] with edx (0x3141c002, the same constant the code re-pushes) and increments ebx: a decryption stub. The faulting read is at eax + esi = 0x59c + 0x405030 = 0x4055cc. exception.address 0x17501c is ok+0x501c, so the image is mapped at 0x170000, while the stub dereferences an address in the 0x400000 range, the conventional PE32 image base; an absolute address that was not relocated is consistent with this access violation. With no hosts contacted and no Suricata hits, this crash is the only runtime behaviour the sandbox recorded, so the verdict rests on the static detections below.

Antivirus
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.36c087cb423663c9
CAT-QuickHeal W32.Perite.A
McAfee W32/Pate.c
Malwarebytes Malware.AI.2980409795
VIPRE Win32.Parite.c (v)
Sangfor Virus.Win32.Parite.B
K7AntiVirus Virus ( 00001b711 )
K7GW Virus ( 00001b711 )
CrowdStrike win/malicious_confidence_100% (D)
Baidu Win32.Virus.Parite.d
VirIT Win32.Parite.H
Cyren W32/Parite.C
Symantec W32.Pinfi.B
ESET-NOD32 Win32/Parite.C
APEX Malicious
ClamAV Heuristics.W32.Parite.B
BitDefender Win32.Parite.C
NANO-Antivirus Virus.Win32.Parite.bysj
MicroWorld-eScan Win32.Parite.C
Tencent Virus.Win32.Parite.a
Ad-Aware Win32.Parite.C
Emsisoft Win32.Parite.C (B)
Comodo Virus.Win32.Parite.gen@1dp8c4
DrWeb Win32.Parite.3
Zillya Virus.Parite.Win32.2
TrendMicro PE_PARITE.A
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
Sophos ML/PE-A + W32/Parite-C
Jiangmin Win32/Parite.c
Avira W32/Parite
MAX malware (ai score=83)
Antiy-AVL Virus/Win32.Parite.c
Gridinsoft Trojan.Heur!.03002201
Arcabit Win32.Parite.C
ViRobot Win32.Parite.C
GData Win32.Parite.C
AhnLab-V3 Win32/Parite
BitDefenderTheta AI:FileInfector.5786848B0E
ALYac Win32.Parite.C
TACHYON Virus/W32.Parite.C
VBA32 Virus.Parite.C
TrendMicro-HouseCall PE_PARITE.A
Rising Malware.Heuristic!ET#88% (RDMK:cmRtazoixqeM0mEvccfTKoTxDUaH)
Yandex Win32.Parite.C
SentinelOne Static AI - Malicious PE
MaxSecure Virus.Parite.C
Fortinet W32/Parite.C
Cybereason malicious.b42366