Summary | ZeroBOX

WinLoad.exe

Tags: Gen1, Generic Malware, UPX, Malicious Library, Anti_VM, PE64, PE File, OS Processor Check

Category FILE
Machine s1_win7_x6403_us
Started March 24, 2023, 9:34 a.m.
Completed March 24, 2023, 9:44 a.m.
Size 15.3MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 12a45205a6da702e56b6a07cbe162445
SHA256 4ffc2dd951674e0de58fd53188ec480ca5a2a2c4770e14d83b8ab3dc31028b65
CRC32 E8E569DA
ssdeep 393216:InI9kFhVMcq9yG1CPwDv3uFhwwzUrU2lvzaUY/CNTqP:4I9k9zSM
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name            Response   Post-Analysis Lookup
No hosts contacted.

IP Address       Status   Action
142.250.66.36    Active   Moloch
164.124.101.2    Active   Moloch
37.230.138.123   Active   Moloch
37.230.138.66    Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API      Arguments      Status   Return   Repeated

__exception__
stacktrace:
WriteFile+0x94 GetCPHashNode-0x2c kernelbase+0x1ba4 @ 0x7fefdbf1ba4
WriteFile+0x36 WideCharToMultiByte-0x1a kernel32+0x235d6 @ 0x76fe35d6
winload+0x1fbb @ 0x13f3c1fbb
winload+0x2b75 @ 0x13f3c2b75
winload+0x144c @ 0x13f3c144c
winload+0x1117 @ 0x13f3c1117
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 89 03 b8 01 00 00 00 48 8b 5c 24 78 48 8b b4 24
exception.symbol: WriteFile+0x94 GetCPHashNode-0x2c kernelbase+0x1ba4
exception.instruction: mov dword ptr [rbx], eax
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000005
exception.offset: 7076
exception.address: 0x7fefdbf1ba4
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 3144832
registers.r11: 514
registers.r8: 3143304
registers.r9: 3143344
registers.rdx: 8796092883536
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 32768
registers.r13: 0
Status 1   Return 0   Repeated 0
file C:\Users\test22\AppData\Local\Temp\onefile_2084_133241120670312500\WinLoad.exe
host 142.250.66.36
host 37.230.138.123
host 37.230.138.66
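Triage of the exception record above, as an added example (not ZeroBOX or Cuckoo code): it parses the key/value fields, decodes the faulting instruction from its raw bytes and checks it against the printed disassembly, evaluates the memory operand against the register dump (rbx is 0, so the store lands in the unmapped null page), and cross-checks exception.offset against the kernelbase+0x1ba4 symbol and the page alignment of the implied module base. The last function decodes the number in the onefile_2084_… temp-dir name as a Windows FILETIME; that the directory follows Nuitka's onefile_<pid>_<time> template and that the time part is a FILETIME is an assumption made here, supported only by the decoded date matching the analysis date.

```python
"""Triage of the __exception__ record above (added example, not sandbox code)."""
import re
from datetime import datetime, timedelta, timezone

# Subset of the exception record copied from the report above.
RECORD = """\
exception.instruction_r: 89 03 b8 01 00 00 00 48 8b 5c 24 78 48 8b b4 24
exception.symbol: WriteFile+0x94 GetCPHashNode-0x2c kernelbase+0x1ba4
exception.instruction: mov dword ptr [rbx], eax
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000005
exception.offset: 7076
exception.address: 0x7fefdbf1ba4
registers.rbx: 0
registers.rax: 32768
registers.rsp: 3144832
"""
# Dropped-file path copied from the report above.
SAMPLE_PATH = r"C:\Users\test22\AppData\Local\Temp\onefile_2084_133241120670312500\WinLoad.exe"

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
NULL_PAGE_LIMIT = 0x10000            # Windows keeps the lowest 64 KiB unmapped
STATUS_ACCESS_VIOLATION = 0xC0000005


def parse_record(text):
    """'key: value' lines -> dict; int(value, 0) accepts both 0x... and decimal."""
    rec = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        try:
            rec[key] = int(value, 0)
        except ValueError:
            rec[key] = value
    return rec


def decode_mov_store(raw_hex):
    """Decode the first instruction if it is MOV r/m32, r32 (opcode 0x89) with a bare
    register base: ModRM mod=00, no SIB byte (rm=4) and no RIP-relative form (rm=5).
    Returns (base_reg64, src_reg32) or None for any other shape."""
    code = bytes.fromhex(raw_hex.replace(" ", ""))
    if len(code) < 2 or code[0] != 0x89:
        return None
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod != 0 or rm in (4, 5):
        return None
    return REG64[rm], REG32[reg]


def triage(text):
    """Classify the fault and sanity-check the record's own fields against each other."""
    rec = parse_record(text)
    decoded = decode_mov_store(rec["exception.instruction_r"])
    if decoded is None:
        raise ValueError("instruction shape not handled by this decoder")
    base, src = decoded
    target = rec[f"registers.{base}"]                       # effective address of [base]
    stored = rec[f"registers.r{src[1:]}"] & 0xFFFFFFFF      # eax is the low half of rax
    symbol_off = int(re.search(r"kernelbase\+0x([0-9a-f]+)", rec["exception.symbol"]).group(1), 16)
    module_base = rec["exception.address"] - rec["exception.offset"]
    return {
        "decoded": decoded,
        # the printed disassembly must agree with the raw bytes
        "disasm_matches_bytes": rec["exception.instruction"] == f"mov dword ptr [{base}], {src}",
        "fault_kind": "write",                               # memory operand is the destination
        "target_address": target,
        "null_page": target < NULL_PAGE_LIMIT,
        "value_stored": stored,
        "is_access_violation": rec["exception.exception_code"] == STATUS_ACCESS_VIOLATION,
        "offset_consistent": symbol_off == rec["exception.offset"],
        "module_base": module_base,
        "base_page_aligned": module_base % 0x1000 == 0,
    }


def filetime_to_utc(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> timezone-aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def nuitka_tempdir_info(path):
    """Split 'onefile_<pid>_<number>' out of the path. Assumption made here: the
    number is a FILETIME, the value Nuitka's onefile bootstrap uses for %TIME%."""
    m = re.search(r"onefile_(\d+)_(\d+)", path)
    return int(m.group(1)), filetime_to_utc(int(m.group(2)))


if __name__ == "__main__":
    for key, value in triage(RECORD).items():
        print(f"{key}: {value}")
    pid, started = nuitka_tempdir_info(SAMPLE_PATH)
    print(f"onefile pid={pid} started={started.isoformat()} (guest clock, UTC)")
```

The decoded store through rbx=0 with eax=0x8000 is consistent with WriteFile writing its bytes-written count through a null output pointer; the report itself only gives the registers, so treat that reading as an inference. The FILETIME decode yields 2023-03-24 06:14:27 UTC on the guest clock; only the date is a useful cross-check against the report's start time, since the guest clock and the report's display time zone are not stated.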
Vendor              Detection
Lionic              Trojan.Win32.Generic.4!c
Elastic             malicious (high confidence)
Alibaba             Trojan:Application/Nuitka.21fc3064
CrowdStrike         win/malicious_confidence_70% (W)
Symantec            ML.Attribute.HighConfidence
ESET-NOD32          a variant of Python/Packed.Nuitka.F suspicious
Paloalto            generic.ml
Kaspersky           UDS:DangerousObject.Multi.Generic
Avast               Win64:Malware-gen
Tencent             Malware.Win32.Gencirc.10bdaa4a
McAfee-GW-Edition   BehavesLike.Win64.Generic.wh
Jiangmin            Trojan.Bingoml.gck
Webroot             W32.Malware.Gen
Avira               HEUR/AGEN.1331495
Antiy-AVL           Trojan[Packed]/Python.Nuitka
Microsoft           Program:Win32/Wacapew.C!ml
GData               Win64.Trojan.Agent.8Q1MPD
Cynet               Malicious (score: 100)
McAfee              Artemis!12A45205A6DA
Cylance             unsafe
Rising              Trojan.Generic/PS!8.13354 (CLOUD)
Fortinet            Riskware/Application
AVG                 Win64:Malware-gen