popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

portu1.exe

Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Dec. 30, 2022, 12:06 p.m. Dec. 30, 2022, 12:13 p.m.
Size 408.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a52510e8ee3f4f7844e7c34ca8206058
SHA256 d4527a803b8b50207fd1805e3bc9479fb6ea0eba3d640067e605e5e45f70a8e7
CRC32 F96D4E49
ssdeep 6144:/LCpH1D0WcznoKMHIWr3+jC+pTvkShDh75lwyy6ahyIxZ1WqqdSv9x:/G3SoKYO2+uUh7LydYU
PDB Path C:\remi76\luce\wexume10-dakise78\g.pdb
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\remi76\luce\wexume10-dakise78\g.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1540
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 188416
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005dc000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1540
region_size: 307200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00034200', u'virtual_address': u'0x0000a000', u'entropy': 7.520596712817851, u'name': u'.data', u'virtual_size': u'0x00035fc0'} entropy 7.52059671282 description A section with a high entropy has been found
entropy 0.511656441718 description Overall entropy of this PE file is high
Bkav W32.AIDetectNet.01
ClamAV Win.Packer.pkr_ce1a-9980177-0
McAfee Artemis!A52510E8EE3F
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (D)
Cyren W32/Kryptik.IBG.gen!Eldorado
Elastic malicious (high confidence)
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win32:DropperX-gen [Drp]
Rising Trojan.Generic@AI.94 (RDML:96nbCwREcAUyWY8umKA50Q)
Sophos ML/PE-A
TrendMicro Ransom.Win32.STOP.SMYXCLS.hp
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.a52510e8ee3f4f78
SentinelOne Static AI - Suspicious PE
Microsoft Ransom:Win32/StopCrypt.SAB!MTB
Google Detected
Acronis suspicious
VBA32 BScope.Backdoor.Tofsee
Ikarus Trojan-Dropper.Win32.Blocker
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:DropperX-gen [Drp]
Cybereason malicious.6a003c