Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 1, 2022, 1:48 p.m.	May 1, 2022, 1:50 p.m.

Size	1.1MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`6fa14b3b1c54a26f0b9bbcd2f6b45899`
SHA256	`601cdbddfe6ac894daff506167c164c65446f893d1d5e4b95e92d960ff5f52b0`
CRC32	`DA2AB092`
ssdeep	`24576:cy2Xx8ZbQ63aRtpjmi9CBBjP0rQw/6zSYUZrpdSdwwDtrmqb:cy2gbQ63Kj1CBSrQwZ1pdSdvDtrmK`
Yara	Win32_PWS_Loki_Zero - Win32 PWS Loki OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 1, 2022, 1:30 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 1, 2022, 1:30 p.m.		1	1	0

section	.00cfg
section	.gfids

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 1, 2022, 1:30 p.m.	process_identifier: 2124 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa7c7000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory May 1, 2022, 1:30 p.m.	process_identifier: 2124 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef7019000 process_handle: 0xffffffffffffffff	1	0	0

section

{u'size_of_data': u'0x0004b200', u'virtual_address': u'0x000da000', u'entropy': 7.827676788580819, u'name': u'.rsrc', u'virtual_size': u'0x0004b030'}

entropy

7.82767678858

description

A section with a high entropy has been found

entropy

0.264757709251

description

Overall entropy of this PE file is high

putty.exe