Summary | ZeroBOX

1.exe

Tags: UPX, Malicious Library, OS Processor Check, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started Dec. 9, 2022, 10:54 a.m.
Completed Dec. 9, 2022, 10:56 a.m.
Size 978.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 fa6a302b0750f3eacef9f53dad70e1ac
SHA256 aca5df1c030674df2a2951643483c0eca05333dcb1392411f978ae625c269a7e
CRC32 96228B81
ssdeep 24576:D+w4BJ9N1CnDSRZ7acaLaJafaFRQsQvUKgEh3ZOZ7VTVd/fXg0HsiNp+:6w4b9N1CnDST7acaLaJafaFRQsQvUKgs
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
pejapezey.com
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x1c00030
0xcc000c

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1c00030
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 29360633
registers.rsp: 2028568
registers.r11: 514
registers.r8: 8791748268556
registers.r9: 0
registers.rdx: 1994794592
registers.r12: 0
registers.rbp: 29360138
registers.rdi: 0
registers.rax: 0
registers.r13: 0
status: 1 return: 0 repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000001c00000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
status: 1 return: 0 repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 16 (PAGE_EXECUTE)
base_address: 0x0000000001c00000
process_handle: 0xffffffffffffffff
status: 1 return: 0 repeated: 0
MicroWorld-eScan Gen:Variant.Lazy.173675
FireEye Gen:Variant.Lazy.173675
ALYac Gen:Variant.Lazy.173675
VIPRE Gen:Variant.Lazy.173675
Arcabit Trojan.Lazy.D2A66B
APEX Malicious
Cynet Malicious (score: 100)
BitDefender Gen:Variant.Lazy.173675
Avast Win64:TrojanX-gen [Trj]
Ad-Aware Gen:Variant.Lazy.173675
Emsisoft Gen:Variant.Lazy.173675 (B)
GData Gen:Variant.Lazy.173675
McAfee Artemis!FA6A302B0750
AVG Win64:TrojanX-gen [Trj]