Summary | ZeroBOX

installer.exe

Malicious Library Antivirus UPX Malicious Packer PE64 OS Processor Check PE File
Category FILE
Machine s1_win7_x6401
Started Dec. 19, 2022, 9:40 a.m.
Completed Dec. 19, 2022, 9:44 a.m.
Size 5.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 62843ec5a756d35abea6fca30f20e93f
SHA256 7afb1d5a36efd1582c94ec739eac8f920aba12c0936d307f43be592d505edba7
CRC32 30C5F495
ssdeep 98304:kaBSFD2U4MIauPm+hYQLTxxHRR15upQhg4j30uZvEne7:kaBSV2UjuPm+hYQLTr15upQe4j3ZNEnG
PDB Path I:\Crypts\Kover (vouch)\Project03\installer.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • Antivirus - Contains references to security software

Domains (name, response, post-analysis lookup)
No hosts contacted.

IP addresses (address, status, action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid (read of the per-machine GUID, a value commonly used as a host identifier)
pdb_path I:\Crypts\Kover (vouch)\Project03\installer.pdb
section _RDATA
resource name RES
section .rsrc (virtual_address 0x000f5000, virtual_size 0x004651d0, size_of_data 0x00465200, entropy 7.973): A section with a high entropy has been found. The resource section holds about 4.6 MB of the 5.3 MB file at near-maximum entropy, which is what packed or encrypted payload data looks like and is consistent with the Malicious Packer and UPX tags above.
entropy 0.824: Overall entropy of this PE file is high. This figure is not a per-byte entropy but the fraction of the file's section data that lies in high-entropy sections (0x465200 bytes out of roughly 5.3 MB), i.e. almost all of it.
Behaviour (API calls)

RegSetValueExA
key_handle: 0x0000000000000074
regkey: HKEY_CURRENT_USER\Software\Logic Media Explorer\(Default)
regkey_r: (empty)
reg_type: 3 (REG_BINARY)
value: a binary blob that the sandbox renders as raw bytes. It is a complete PE image: it begins with the MZ/DOS header and the string "This program cannot be run in DOS mode", and the PE signature is followed by the machine bytes 64 86 (0x8664, IMAGE_FILE_MACHINE_AMD64), so the embedded file is x64. Its section table lists .text and .rsrc. In other words the sample stores a second executable in a user-writable registry value rather than on disk; it can be recovered by exporting the value and carving from the MZ header.
status: 1 (success), return: 0, repeated: 0
(The same RegSetValueExA call, with identical key handle, key path and binary value, is recorded a second time in the log.)
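The two behaviours flagged above, a section with near-maximum entropy and a REG_BINARY value that carries a whole PE image, are easy to re-check outside the sandbox. The script below is an added example written for this page, not ZeroBOX code and not the sample's bytes: it parses a PE section table, computes per-section Shannon entropy, reports the same "fraction of data in high-entropy sections" ratio that the overall-entropy signature uses, and flags a registry value that turns out to be a PE. The PE it inspects is constructed inline for the demo; the 7.0 entropy threshold and the function names are assumptions.

```python
import math
import struct

REG_BINARY = 3  # reg_type value seen in the RegSetValueExA record above


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_sections(blob: bytes):
    """Return (machine, [(section_name, raw_bytes), ...]) or None if blob is not a PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsec = struct.unpack_from("<HH", blob, e_lfanew + 4)
    opt_size = struct.unpack_from("<H", blob, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        if off + 40 > len(blob):
            break
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, blob[raw_ptr:raw_ptr + raw_size]))
    return machine, sections


def triage_registry_value(reg_type: int, value: bytes, threshold: float = 7.0) -> dict:
    """Flag a REG_BINARY value that holds a PE image and report its high-entropy sections.
    threshold=7.0 is an assumed cut-off, not the sandbox's; tune it against a benign corpus."""
    result = {"is_pe": False, "machine": None, "high_entropy_sections": [], "packed_ratio": 0.0}
    if reg_type != REG_BINARY:
        return result
    parsed = parse_pe_sections(value)
    if parsed is None:
        return result
    machine, sections = parsed
    result["is_pe"] = True
    result["machine"] = machine
    total = packed = 0
    for name, data in sections:
        h = shannon_entropy(data)
        total += len(data)
        if h >= threshold:
            packed += len(data)
            result["high_entropy_sections"].append((name, round(h, 3)))
    # Same idea as the report's "overall entropy": share of section data that is high-entropy.
    result["packed_ratio"] = round(packed / total, 3) if total else 0.0
    return result


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32+ image used only as demo input (not the report's sample)."""
    nsec, opt_size, e_lfanew = len(sections), 0xF0, 0x80
    data_start = (e_lfanew + 24 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF  # 0x200 file alignment
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF header: Machine=AMD64, NumberOfSections, timestamp/symbols zeroed, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    table, body, ptr = bytearray(), bytearray(), data_start
    for name, payload in sections:
        raw_size = (len(payload) + 0x1FF) & ~0x1FF
        table += name.ljust(8, "\0").encode() + struct.pack("<IIII", len(payload), 0, raw_size, ptr) + bytes(16)
        body += payload.ljust(raw_size, b"\0")
        ptr += raw_size
    return (bytes(dos) + coff + bytes(opt) + bytes(table)).ljust(data_start, b"\0") + bytes(body)


# Constructed input: a small low-entropy .text and a 64 KiB .rsrc that uses every byte value equally.
SAMPLE_VALUE = build_sample_pe([(".text", b"\x48\x8b\xc4" * 700), (".rsrc", bytes(range(256)) * 256)])

if __name__ == "__main__":
    print(triage_registry_value(REG_BINARY, SAMPLE_VALUE))
    print(triage_registry_value(REG_BINARY, b"plain binary config, no MZ header"))
```

To apply this to a real report, export the value (for instance with `reg export` on the infected host or by reading the hive offline), feed the bytes to `triage_registry_value`, and treat any `is_pe` hit under a user-writable key such as HKCU\Software as a dropped payload worth carving and scanning on its own.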
Antivirus results (vendor, detection name)

Elastic malicious (moderate confidence)
MicroWorld-eScan Gen:Variant.Lazy.272934
FireEye Gen:Variant.Lazy.272934
ALYac Gen:Variant.Lazy.272934
Arcabit Trojan.Lazy.D42A26
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GDIW
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.BypassUAC.aby
BitDefender Gen:Variant.Lazy.272934
Avast CrypterX-gen [Trj]
Tencent Malware.Win32.Gencirc.1168df41
Ad-Aware Gen:Variant.Lazy.272934
Emsisoft Gen:Variant.Lazy.272934 (B)
VIPRE Gen:Variant.Lazy.272934
McAfee-GW-Edition BehavesLike.Win64.Generic.tc
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm Trojan.Win32.BypassUAC.aby
GData Gen:Variant.Lazy.272934
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5326569
McAfee Artemis!62843EC5A756
MAX malware (ai score=89)
Malwarebytes Trojan.Crypt.Generic
Rising Trojan.Kryptik!8.8 (TFE:5:CBR6z2xCXtJ)
Ikarus Trojan.Win64.Krypt
AVG CrypterX-gen [Trj]