popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

10032b.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us March 9, 2023, 9:42 a.m. March 9, 2023, 9:45 a.m.
Size 658.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9cb2c1a445f74bdee85086381dc80d7e
SHA256 592ec7037deaaa186814232861ce7451dba4238f258b66f7e7c5ebfa58412d1c
CRC32 D9A35831
ssdeep 12288:R/yPkuc3Eeze8+BYfkOWQKygM0rCtN2ho4KQO5+p5q:RblT+Bkb4M0sY2bQO5+pI
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gojonaw
resource name AFX_DIALOG_LAYOUT
resource name DETUCAB
resource name KAXIGIXIREBIXUCEKUZAVIKIRIJACIJ
resource name VUGIFEVAZEPOLOCIBESA
resource name YAVEL
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 544768
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004d0000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1952
region_size: 585728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00680000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00088c00', u'virtual_address': u'0x00010000', u'entropy': 7.941710351865604, u'name': u'.data', u'virtual_size': u'0x000a21e4'} entropy 7.94171035187 description A section with a high entropy has been found
entropy 0.831939163498 description Overall entropy of this PE file is high
Bkav W32.AIDetectNet.01
tehtris Generic.Malware
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Baidu Win32.Trojan.Kryptik.jm
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
Avast PWSX-gen [Trj]
Sophos Troj/Krypt-VE
McAfee-GW-Edition BehavesLike.Win32.Generic.jc
Trapmine malicious.high.ml.score
FireEye Generic.mg.9cb2c1a445f74bde
SentinelOne Static AI - Suspicious PE
Avira HEUR/AGEN.1224196
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
Acronis suspicious
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:pa9RcgP2vSA83ROBqq4fXQ)
Ikarus Trojan-Banker.UrSnif
MaxSecure Trojan.Malware.300983.susgen
AVG PWSX-gen [Trj]