Summary | ZeroBOX

putty.exe

UPX Malicious Library PWS PE64 PE File OS Processor Check
Category Machine Started Completed
FILE s1_win7_x6402 March 12, 2022, 10:54 p.m. March 12, 2022, 10:56 p.m.
Size 1.1MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 6fa14b3b1c54a26f0b9bbcd2f6b45899
SHA256 601cdbddfe6ac894daff506167c164c65446f893d1d5e4b95e92d960ff5f52b0
CRC32 DA2AB092
ssdeep 24576:cy2Xx8ZbQ63aRtpjmi9CBBjP0rQw/6zSYUZrpdSdwwDtrmqb:cy2gbQ63Kj1CBSrQwZ1pdSdvDtrmK
Yara
  • Win32_PWS_Loki_Zero - Win32 PWS Loki
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .00cfg
section .gfids
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefa7c7000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef7019000
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x0004b200', u'virtual_address': u'0x000da000', u'entropy': 7.827676788580819, u'name': u'.rsrc', u'virtual_size': u'0x0004b030'} entropy 7.82767678858 description A section with a high entropy has been found
entropy 0.264757709251 description Overall entropy of this PE file is high