Summary | ZeroBOX

os2.exe

Emotet Gen1, Generic Malware, UPX, Malicious Library, Malicious Packer, Admin Tool (Sysinternals etc ...), Anti_VM, PE64, PE File, OS Processor Check, PE32, ZIP Format, DLL
Category FILE
Machine s1_win7_x6401
Started March 20, 2023, 11:19 a.m.
Completed March 20, 2023, 11:25 a.m.
Size 11.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ceea1dc43163e1ab1bda2fbbac5cfda8
SHA256 ee4668d7ca1c84e11f460bf48f9e8f298bd4875862ba17f21e9deabc688b9494
CRC32 12700BA1
ssdeep 196608:WzF3kAXqHjxbAQvaNJm3AqowejuJDUX47dwdW0JB2nTxYPJNupwl1:eFUOqHjxy/m3poaUX47d4edDI
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

API GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0
section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI25642\exe\registers.exe
file C:\Users\test22\AppData\Local\Temp\_MEI25642\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\pywin32_system32\pywintypes311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\pywin32_system32\pythoncom311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\exe\._upx.exe
file C:\Users\test22\AppData\Local\Temp\_MEI25642\exe\netconn_properties.exe
file C:\Users\test22\AppData\Local\Temp\_MEI25642\exe\upx.exe
file C:\Users\test22\AppData\Local\Temp\_MEI25642\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\libffi-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\python311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25642\exe\registers.exe
file C:\Users\test22\AppData\Local\Temp\_MEI25642\exe\netconn_properties.exe
section .rsrc (virtual_address 0x00052000, virtual_size 0x0000f498, size_of_data 0x0000f600, entropy 7.5555911646380345) entropy 7.55559116464 description A section with a high entropy has been found
Elastic malicious (moderate confidence)
MicroWorld-eScan Gen:Variant.Ursu.709771
FireEye Gen:Variant.Ursu.709771
ALYac Gen:Variant.Zusy.451481
Malwarebytes Spyware.PasswordStealer.Python
Arcabit Trojan.Ursu.DAD48B [many]
BitDefenderTheta Gen:NN.ZexaF.36344.huW@aeJe9Qgi
Cynet Malicious (score: 100)
BitDefender Gen:Variant.Ursu.709771
Avast Win32:Malware-gen
Rising Trojan.Generic@AI.89 (RDML:oc5w8lEsWjMrq48bNz86dw)
Emsisoft Gen:Variant.Ursu.709771 (B)
VIPRE Gen:Variant.Ursu.709771
McAfee-GW-Edition BehavesLike.Win64.Backdoor.wc
Jiangmin Trojan.Generic.horqm
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Gen:Variant.Zusy.451481
McAfee Artemis!CEEA1DC43163
MAX malware (ai score=86)
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen