Summary | ZeroBOX

1055716893.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started Dec. 13, 2022, 9:48 a.m.
Completed Dec. 13, 2022, 9:53 a.m.
Size 2.5MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 d2bad349906b711cf59df7178146abff
SHA256 63b14b74c629ae9cdddacfd42fed6593a59b4d16841036e7af06a92a5853c69f
CRC32 E1A9AB65
ssdeep 49152:vfuWC+4w1Qh8jbj66yrgeBeh0BVWmqzfGCXGhGmGl8ZyahqPR3hhjEX/x0q0HVrS:vftC+RG6bjh2neh0BdqlH58ZyahqPPhw
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
185.239.239.194 Active Moloch
164.124.101.2 Active Moloch
65.21.213.208 Active Moloch

Suricata Alerts

Flow TCP 65.21.213.208:3000 -> 192.168.56.103:49161
SID 2029538
Signature ET HUNTING EXE Base64 Encoded potential malware
Category Misc activity

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
free+0x39 memcpy-0x43 msvcrt+0x98cd @ 0x76b298cd
1055716893+0x22b687 @ 0xacb687
1055716893+0xfca0 @ 0x8afca0
1055716893+0x28ab3 @ 0x8c8ab3
1055716893+0x25c67d @ 0xafc67d
1055716893+0x1396 @ 0x8a1396
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 80 78 07 05 0f 84 a4 ff 04 00 f6 40 07 3f 0f 84
exception.symbol: RtlFreeHeap+0x3f RtlAllocateHeap-0x62 ntdll+0x2dfc4
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 188356
exception.address: 0x778cdfc4
registers.esp: 4321580
registers.edi: 0
registers.eax: 8106104
registers.ebp: 4321596
registers.edx: 8106112
registers.ebx: 8106112
registers.esi: 13565952
registers.ecx: 4321880
Status 1 Return 0 Repeated 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Chromium\User Data\Local State
file C:\Users\test22\AppData\Local\Temp\bebra.exe
section .text (virtual_address 0x00001000, virtual_size 0x0025e524, size_of_data 0x0025e600, entropy 6.854104016364307) entropy 6.85410401636 description A section with a high entropy has been found
entropy 0.934322033898 description Overall entropy of this PE file is high
host 185.239.239.194
host 65.21.213.208
file C:\Users\test22\AppData\Local\Temp\bebra.exe
FireEye Generic.mg.d2bad349906b711c
Cylance Unsafe
K7AntiVirus Spyware ( 005690661 )
Alibaba TrojanSpy:Win32/Redcap.29349ab4
K7GW Spyware ( 005690661 )
BitDefenderTheta Gen:NN.ZexaF.36106.IMX@a0Cy1Gj
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Spy_AGen.A
Avast Win32:Evo-gen [Trj]
McAfee-GW-Edition Artemis!Trojan
Avira TR/Redcap.uedex
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Win32.Trojan.Agent.D5YVKY
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win.Generic.C5312952
McAfee Artemis!D2BAD349906B
VBA32 BScope.Trojan.Bebra
Malwarebytes Trojan.FakeSig
Rising Trojan.Spy!8.17567 (TFE:5:BYwIgtW3wcD)
SentinelOne Static AI - Suspicious PE
Fortinet W32/Spy_AGen.A!tr
AVG Win32:Evo-gen [Trj]