Summary | ZeroBOX

creal.exe

Emotet Gen1 Generic Malware UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE64 PE File OS Processor Check ZIP Format DLL
Category FILE
Machine s1_win7_x6403_us
Started March 23, 2023, 6:21 p.m.
Completed March 23, 2023, 6:23 p.m.
Size 14.6MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 2120b49043ad53c0a73cbf60bc110f8e
SHA256 7dd0f281b3da915e99690900150c0af179d057ca09e36bc33ef699d497e680aa
CRC32 4CE78EE1
ssdeep 393216:uu7L/kdQuslN/m3pDl9AJ4ZoWOv+9fPV4av4GoEsof:uCLsdQu4KRS4ZorvS3N4zEsof
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

API GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0
section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI20682\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\pywin32_system32\pythoncom310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\pywin32_system32\pywintypes310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20682\python310.dll
section .rsrc (size_of_data 0x0000f600, virtual_size 0x0000f498, virtual_address 0x00052000, entropy 7.555582090040167) description A section with a high entropy has been found
Lionic Trojan.Win32.Shelm.tseF
Malwarebytes Spyware.PasswordStealer.Python
Alibaba TrojanPSW:Win32/Almi_Disco.a
CrowdStrike win/malicious_confidence_100% (W)
Symantec Trojan.Gen.2
Elastic malicious (high confidence)
ESET-NOD32 Python/PSW.Agent.ANE
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Python:Creal-A [Pws]
McAfee-GW-Edition BehavesLike.Win64.Ransom.vc
Jiangmin Trojan.Generic.horqm
Avira TR/PSW.Agent.jkrrw
Antiy-AVL Trojan[PSW]/Python.Disco
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win32/Sabsik.FL.A!ml
GData Win32.Trojan-Stealer.Cordimik.AB4CO9
Google Detected
McAfee Artemis!2120B49043AD
TrendMicro-HouseCall TROJ_GEN.R002H0DCM23
Ikarus Trojan-Spy.Python.NitroStealer
Fortinet Python/Agent.UT!tr
AVG Python:Creal-A [Pws]