Summary | ZeroBOX

Sample: images.pdf (despite the .pdf name, the file type identified below is a PE32+ executable; the extension is a lure, not the format)

Tags: UPX, Malicious Library, OS Processor Check, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Jan. 20, 2022, 10:30 a.m.
Completed: Jan. 20, 2022, 10:41 a.m.
Size 290.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 e28ae2f26a165ab891248f17b064f2e7
SHA256 0b7eafb0e73e2bf0e0c6263824ffacbf4869f9121502264e5dc08d09183ae301
CRC32 0D3F997C
ssdeep 6144:lCyhivbmvCsJY0SsBGUQIhUAZKlmRaHYEBB4HFUXL06Sh:l085JYN+DhUACEubBuHFg
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address   Status   Action
162.159.138.85   Active   Moloch

No DNS resolution was recorded; the single IP address above was seen at the network layer only.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signature detail: section _RDATA

API call (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory
  process_identifier: 2364
  region_size: 126976 (0x1f000, 31 pages)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000007fffff90000
  allocation_type: 1060864 (MEM_COMMIT|MEM_RESERVE|MEM_TOP_DOWN)
  process_handle: 0xffffffffffffffff (current-process pseudo-handle)
  Status: 1 (success)   Return: 0   Repeated: 0

The call commits a 124 KiB read/write/execute region in the sample's own address space. A committed RWX region allocated by the process itself is the usual staging area for unpacked or decrypted code, so this is the region to dump from memory when looking for the next stage.
Section .rsrc: virtual_address 0x0002e000, virtual_size 0x0001f3e8, size_of_data 0x0001f400, entropy 7.957 (description: A section with a high entropy has been found)
Entropy ratio 0.4325 (description: Overall entropy of this PE file is high)

The per-section figure is Shannon entropy in bits per byte; 7.957 against a maximum of 8.0 means the 128,000-byte resource section is essentially incompressible, consistent with a compressed or encrypted payload stored in resources. The file-level figure 0.4325 is not an entropy value: the sandbox's packer-entropy signature reports the fraction of the PE's section data that lies in high-entropy sections, so roughly 43% of this file's section data is high entropy (0x1f400 bytes of .rsrc out of a 290 KB file).
host 162.159.138.85
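The two entropy signatures above can be reproduced offline. The following is an added example, not code from ZeroBOX or from this report: a minimal PE section-table parser plus Shannon entropy, applied to a constructed PE32+ image built in the same script (not the images.pdf sample). The thresholds of 6.8 bits/byte per section and a 20% high-entropy share for the file-level flag are assumptions modelled on the sandbox's packer-entropy signature, as are the helper names.

```python
import math
import struct
from collections import Counter

# Thresholds assumed to mirror the sandbox's packer-entropy signature (assumption,
# not taken from this report): a section is "high entropy" at >= 6.8 bits/byte,
# and the file is flagged when more than 20% of its section data is high entropy.
HIGH_ENTROPY_BITS = 6.8
COMPRESSED_RATIO_LIMIT = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for constant data, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Minimal PE section-table walk: MZ -> e_lfanew -> PE signature -> COFF header -> section headers.
    Yields (name, virtual_address, virtual_size, raw_bytes) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    off = coff + 20 + opt_size
    for _ in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes: Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, relocation/line-number fields, Characteristics
        (name, vsize, va, raw_size, raw_ptr,
         _, _, _, _, _) = struct.unpack_from("<8sIIIIIIHHI", pe, off)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), va, vsize,
               pe[raw_ptr:raw_ptr + raw_size])
        off += 40


def analyze(pe: bytes) -> dict:
    """Reproduce both signatures: per-section entropy, and the file-level fraction
    of section data that is high entropy (the 0.43-style figure in the report)."""
    sections, total, high = [], 0, 0
    for name, va, vsize, raw in pe_sections(pe):
        ent = shannon_entropy(raw)
        total += len(raw)
        if ent >= HIGH_ENTROPY_BITS:
            high += len(raw)
        sections.append({"name": name, "virtual_address": va, "virtual_size": vsize,
                         "size_of_data": len(raw), "entropy": ent,
                         "high_entropy": ent >= HIGH_ENTROPY_BITS})
    ratio = high / total if total else 0.0
    return {"sections": sections, "compressed_ratio": ratio,
            "packed": ratio > COMPRESSED_RATIO_LIMIT}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ image with two sections (not the sample analysed on this page):
    .text holds 16 distinct byte values (4.0 bits/byte), .rsrc all 256 values evenly (8.0 bits/byte)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x20B) + b"\0" * (0xF0 - 2)      # PE32+ magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)
    text = bytes(range(16)) * 64                             # 1024 bytes -> 4.0 bits/byte
    rsrc = bytes(range(256)) * 4                             # 1024 bytes -> 8.0 bits/byte
    text_ptr, rsrc_ptr = 0x200, 0x200 + len(text)
    hdrs = [
        struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), text_ptr, 0, 0, 0, 0, 0x60000020),
        struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), 0x2000, len(rsrc), rsrc_ptr, 0, 0, 0, 0, 0x40000040),
    ]
    image = dos + b"PE\0\0" + coff + opt + b"".join(hdrs)
    image += b"\0" * (text_ptr - len(image)) + text + rsrc   # pad headers out to the first raw section
    return image


if __name__ == "__main__":
    report = analyze(build_sample_pe())
    for s in report["sections"]:
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} size=0x{s['size_of_data']:08x} "
              f"entropy={s['entropy']:.3f} high={s['high_entropy']}")
    print(f"compressed ratio={report['compressed_ratio']:.3f} packed={report['packed']}")
```

Run against a real file by replacing build_sample_pe() with the bytes of the sample; the per-section entropy for a resource section like the one in this report should come out near 7.96, and the ratio reported for the file is the share of section bytes above the per-section threshold, which is why it is well below 8.0 even for a heavily packed binary.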
Antivirus   Result
Cynet   Malicious (score: 100)
McAfee RDN/IcedID
Sangfor Trojan.Win32.Sabsik.FL
CrowdStrike win/malicious_confidence_80% (W)
Cyren W64/Kryptik.GCD.gen!Eldorado
ESET-NOD32 a variant of Win64/Kryptik.CUB
APEX Malicious
BitDefender Trojan.GenericKD.38617577
Avast Win64:TrojanX-gen [Trj]
Ad-Aware Trojan.GenericKD.38617577
TrendMicro TrojanSpy.Win64.BAZARLOADER.YXCASZ
McAfee-GW-Edition BehavesLike.Win64.Generic.dc
Sophos Mal/Generic-S
Ikarus Trojan-Spy.Agent
Microsoft Trojan:Win64/Malgent!MSR
GData Trojan.GenericKD.38617577
AhnLab-V3 Trojan/Win.IcedID.C4787779
MAX malware (ai score=88)
TrendMicro-HouseCall TrojanSpy.Win64.BAZARLOADER.YXCASZ
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Malicious_Behavior.SB
AVG Win64:TrojanX-gen [Trj]