Summary | ZeroBOX

wnqeiwbpae.exe

Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Jan. 30, 2023, 9:40 a.m.
Completed Jan. 30, 2023, 9:47 a.m.
Size 7.4MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 ab72029b00e744545fe11d04918d12ba
SHA256 633ec6bac41a0a36d8ed5cf50392742f1490f3dcbf4c6792efc3b70fbacc2004
CRC32 82BC0FA1
ssdeep 196608:dZkKDdWzNLqrZQRcFE7qQGshXJbs0+XHeOeKp:8WdoN2K97msvQ
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
154.39.255.235 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .asmc0
section .asmc1
section .asmc2
section .asmc2 size_of_data 0x0073c200 virtual_address 0x00801000 virtual_size 0x0073c040 entropy 7.964687933982133 description A section with a high entropy has been found
entropy 0.984452860275 description Overall entropy of this PE file is high
host 154.39.255.235
Bkav W32.AIDetectNet.01
FireEye Generic.mg.ab72029b00e74454
Cylance Unsafe
Cybereason malicious.2739fd
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:HackTool.Win32.Krasnoglaz.ev
NANO-Antivirus Virus.Win32.Gen.ccmw
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Suspicious PE
Microsoft Trojan:Win32/Sabsik.FL.B!ml
VBA32 BScope.TrojanPSW.RedLine
Malwarebytes Malware.Heuristic.1003
Rising Trojan.Generic@AI.100 (RDML:4oz8U7lsE/+KvF1A04wlBw)
BitDefenderTheta Gen:NN.ZexaF.36212.@Z0@aq5vIPmO