Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 21, 2023, 10:09 a.m.	March 21, 2023, 10:19 a.m.

Size	1.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`46748c64f38cbf845c1802db5b367ed2`
SHA256	`ef688cd74166870ac8d395b36a0de4fce4c014149557fdca2ab15281ce49559a`
CRC32	`8610E8B3`
ssdeep	`24576:Ix9AMUUdzbF054Lzkiun+WcEtB/PWwufJzW16hK+wyzWY:IBl24B+JHWwkJzW1oRwyz`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

.yizoso

resource name	AFX_DIALOG_LAYOUT
resource name	TEFUHAZIYUVOVONIDIMAWARULOBEKA
resource name	None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 21, 2023, 10:07 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 950272 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory March 21, 2023, 10:07 a.m.	process_identifier: 2556 region_size: 987136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x000e8800', u'virtual_address': u'0x0000d000', u'entropy': 7.997097320047632, u'name': u'.data', u'virtual_size': u'0x00165d0c'}

entropy

7.99709732005

description

A section with a high entropy has been found

entropy

0.898985016916

description

Overall entropy of this PE file is high

photo_004.exe