Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 14, 2022, 1:26 p.m.	Dec. 14, 2022, 1:28 p.m.

Size	392.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`2bdb5acc4e988fd06a757455ab706054`
SHA256	`881f63a744db8b580970ae2737869322a222d0ccf82b25ed38bf0657f7dfd3a0`
CRC32	`B1CEFC10`
ssdeep	`6144:TFAcN0+Jf+U9vOPTPEKBw68l5t+ohqg6hBNla/dIpzzV+AUYKfX+SYPkdD:TWcN0+Jf0FBwhXL+xJzULfLYPkd`
PDB Path	C:\Users\win10\source\repos\SysLoaderDll2Sandbox\x64\Debug\SysLoaderDll2Sandbox.pdb
Yara	OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\tempresource.tmp.dll,mydllmain
2556
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\tempresource.tmp.dll,mydllmain
  2704
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\tempresource.tmp.dll,
2644

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\Users\win10\source\repos\SysLoaderDll2Sandbox\x64\Debug\SysLoaderDll2Sandbox.pdb

packer

Microsoft Visual C++ V8.0 (Debug)

section

{u'size_of_data': u'0x00051400', u'virtual_address': u'0x0001f000', u'entropy': 6.907080486194268, u'name': u'.data', u'virtual_size': u'0x000540f8'}

entropy

6.90708048619

description

A section with a high entropy has been found

entropy

0.831202046036

description

Overall entropy of this PE file is high

tempresource.tmp