popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

server.exe

Generic Malware UPX Malicious Library PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 March 21, 2023, 5:45 p.m. March 21, 2023, 5:47 p.m.
Size 177.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 68d4bfeb87777e1c8766088077822341
SHA256 308110773533c5740fd92d77094da83152f98230cd9635bc8f7dcd7dce910c75
CRC32 63C4F155
ssdeep 3072:MB324Mujr+zpEwSQCah3vidXxwz45BGyEG:F4vDwSxOWxwU5BG
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .xokejo
resource name AFX_DIALOG_LAYOUT
resource name TONIZITOHOWAPEVUMOBEM
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0059c000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3048
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00013200', u'virtual_address': u'0x0000d000', u'entropy': 7.843760517696202, u'name': u'.data', u'virtual_size': u'0x0009066c'} entropy 7.8437605177 description A section with a high entropy has been found
entropy 0.43342776204 description Overall entropy of this PE file is high
Bkav W32.AIDetectNet.01
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Kryptik.JFT.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HTCA
APEX Malicious
Kaspersky UDS:Trojan.Win32.Zenpak.gen
Avast Win32:CrypterX-gen [Trj]
McAfee-GW-Edition BehavesLike.Win32.Lockbit.ch
Trapmine malicious.high.ml.score
FireEye Generic.mg.68d4bfeb87777e1c
Sophos ML/PE-A
Webroot W32.Malware.Gen
Gridinsoft Ransom.Win32.STOP.dd!n
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
McAfee GenericRXVP-LJ!68D4BFEB8777
VBA32 Malware-Cryptor.Azorult.gen
Cylance unsafe
Rising Trojan.Kryptik!1.E392 (CLASSIC)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HTCA!tr
AVG Win32:CrypterX-gen [Trj]