Summary | ZeroBOX

Clip1.exe

UPX PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started March 22, 2023, 5:26 p.m.
Completed March 22, 2023, 5:28 p.m.
Size 7.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 fa0e319484845c1333e5c1e621659027
SHA256 d3d00022e02c57c638d7738e661be715aa74866d8b7495e74b72e0c0f75695dd
CRC32 71F0D0FB
ssdeep 196608:zLBJsvAF7+ftEtuzyeXprQ9z2y6EZaAF5XfpXXIBQQ:zLB+vA9ytEtIJXpGzJzQMfpnIB
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section UPX1 (virtual_address 0x002a3000, virtual_size 0x007b6000, size_of_data 0x007b5c00) entropy 7.933131713369338 description A section with a high entropy has been found
entropy 0.999936672788 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
Cynet Malicious (score: 100)
McAfee Artemis!FA0E31948484
CrowdStrike win/malicious_confidence_90% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
APEX Malicious
Avast FileRepMalware [Misc]
McAfee-GW-Edition BehavesLike.Win64.Dropper.wc
SentinelOne Static AI - Suspicious PE
Microsoft Trojan:Win32/Casdet!rfn
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware [Misc]