Summary | ZeroBOX

Logic Media Explorer.exe

Malicious Library Antivirus UPX Malicious Packer PE64 OS Processor Check PE File
Category FILE
Machine s1_win7_x6403_us
Started Dec. 7, 2022, 3:45 p.m.
Completed Dec. 7, 2022, 3:49 p.m.
Size 5.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 fa9b0ac29dc8d6d7d6078c6bb16bf669
SHA256 4c9c31afa8754dac1148f45387ade1b2c0afac3a05a849bc9ef012ffffeb8a56
CRC32 E1314A75
ssdeep 98304:ZfOBSFD2U4MIauPm+hYQLTxxHRR15upQhg4j30uZvEne7:ZfOBSV2UjuPm+hYQLTr15upQe4j3ZNEG
PDB Path I:\Crypts\Kover (vouch)\Project03\Logic Media Explorer.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • Antivirus - Contains references to security software

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
62.204.41.6 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 62.204.41.6:80 -> 192.168.56.103:49172 | 2402000 | ET DROP Dshield Block Listed Source group 1 | Misc Attack

Suricata TLS

No Suricata TLS

pdb_path I:\Crypts\Kover (vouch)\Project03\Logic Media Explorer.pdb
section _RDATA
resource name RES
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Kaspersky VHO:HackTool.Win64.Knotweed.bd
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.fa9b0ac29dc8d6d7
section .rsrc (size_of_data 0x00465200, virtual_address 0x000f5000, virtual_size 0x004651d0, entropy 7.972958809660985) description A section with a high entropy has been found
entropy 0.824267399267 description Overall entropy of this PE file is high
host 62.204.41.6
dead_host 192.168.56.103:49172