Summary | ZeroBOX

c91d43b8-ec7d-4544-b731-5418681100ce

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started March 20, 2023, 9:43 a.m.
Completed March 20, 2023, 9:50 a.m.
Size 217.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 ca341777340c9f6a7ba878b3e37fcf9c
SHA256 8591b86016fee0267755649d008dfb73d0d7ac44ff4bb27f94585477b2eb5924
CRC32 232947F2
ssdeep 3072:ess1fPMY0xyVpX5sLRRQRo0PnPdvAP2JyCiNZOQGWpOeXNzxc2NA1YSlajLgYBRH:efPVvX5G8nFmnvOZWB6MAkgLs
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup

No hosts contacted.

IP Address Status Action

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1664
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01301000
process_handle: 0xffffffff

Status 1
Return 0
Repeated 0
section .data: size_of_data 0x00022200, virtual_address 0x00011000, virtual_size 0x00022dfc, entropy 7.575141889936462
  description: A section with a high entropy has been found
entropy 0.664233576642
  description: Overall entropy of this PE file is high

Lionic Trojan.Win32.Strab.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fragtor.234298
McAfee Artemis!CA341777340C
Alibaba Trojan:Win32/GenKryptik.c54ddf5b
CrowdStrike win/malicious_confidence_70% (W)
Arcabit Trojan.Fragtor.D3933A
BitDefenderTheta Gen:NN.ZexaF.36344.nu2@ae7awaoi
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.GHTO
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan.Win32.Strab.gen
BitDefender Gen:Variant.Fragtor.234298
Avast Win32:CrypterX-gen [Trj]
Emsisoft Gen:Variant.Fragtor.234298 (B)
VIPRE Gen:Variant.Fragtor.234298
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.high.ml.score
FireEye Gen:Variant.Fragtor.234298
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win32.Crypt
Gridinsoft Trojan.Win32.Gen.bot
Microsoft Ransom:Win32/Aicat.A!ml
GData Gen:Variant.Fragtor.234298
Google Detected
ALYac Gen:Variant.Fragtor.234298
MAX malware (ai score=89)
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H0CCJ23
Rising Stealer.Agent!8.C2 (TFE:5:WOenaBb7pGL)
AVG Win32:CrypterX-gen [Trj]