Summary | ZeroBOX

creal.exe

Tags: Emotet, Gen1, Generic Malware, UPX, Malicious Library, Malicious Packer, Admin Tool (Sysinternals etc ...), Anti_VM, PE64, PE File, OS Processor Check, ZIP Format, DLL
Category FILE
Machine s1_win7_x6401
Started March 24, 2023, 6:06 p.m.
Completed March 24, 2023, 6:08 p.m.
Size 14.6MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 2120b49043ad53c0a73cbf60bc110f8e
SHA256 7dd0f281b3da915e99690900150c0af179d057ca09e36bc33ef699d497e680aa
CRC32 4CE78EE1
ssdeep 393216:uu7L/kdQuslN/m3pDl9AJ4ZoWOv+9fPV4av4GoEsof:uCLsdQu4KRS4ZorvS3N4zEsof
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

DNS Lookups (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP Traffic (IP Address / Status / Action)

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx (no arguments recorded) Status 1, Return 1, Repeated 0

The only logged call is GlobalMemoryStatusEx, which reports total physical memory; querying it is a common sandbox/VM check (small RAM sizes are typical of analysis machines), which is consistent with the Anti_VM tag above.
Signatures

section _RDATA

Files written to C:\Users\test22\AppData\Local\Temp\_MEI25562\ (the _MEIxxxxx directory is where a PyInstaller onefile executable unpacks its bundled runtime; python310.dll indicates a Python 3.10 payload):
file C:\Users\test22\AppData\Local\Temp\_MEI25562\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\pywin32_system32\pywintypes310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\pywin32_system32\pythoncom310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\python310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\libssl-1_1.dll

High-entropy section found:
section .rsrc virtual_address 0x00052000, virtual_size 0x0000f498, size_of_data 0x0000f600, entropy 7.5556
description A section with a high entropy has been found
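Two of the indicators above, the high-entropy section and the PyInstaller extraction directory, can be checked statically before a sample is ever detonated. The script below is an added example written for this page, not ZeroBOX signature code: it walks the PE section table with a minimal parser (no pefile dependency), computes Shannon entropy per section against a 7.0 threshold, and scans for the PyInstaller CArchive cookie magic (`MEI\x0c\x0b\x0a\x0b\x0e`, taken from the PyInstaller bootloader). The sample PE and overlay it tests against are constructed inline so it runs offline; the threshold and the `triage` function name are this example's own choices.

```python
"""Static triage for two indicators in the report: high-entropy PE sections
and PyInstaller onefile packaging. Added example, not ZeroBOX code; the
sample PE below is constructed inline so the script runs offline."""
import math
import random
import struct
import sys
from collections import Counter

# Cookie magic that PyInstaller's bootloader locates at the end of the
# CArchive appended to the executable (value from the bootloader sources).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
HIGH_ENTROPY_THRESHOLD = 7.0  # the report flagged .rsrc at 7.5556


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes):
    """Minimal PE section-table walker yielding (name, raw_bytes) pairs."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        yield name, data[raw_ptr:raw_ptr + raw_size]


def high_entropy_sections(sections, threshold=HIGH_ENTROPY_THRESHOLD):
    """(name, entropy) for every section at or above the threshold."""
    hits = []
    for name, blob in sections:
        e = shannon_entropy(blob)
        if e >= threshold:
            hits.append((name, round(e, 4)))
    return hits


def has_pyinstaller_archive(data: bytes) -> bool:
    """True if the CArchive cookie magic is present. The whole file is scanned
    because trailing data such as an Authenticode signature may follow it."""
    return PYINSTALLER_MAGIC in data


def triage(data: bytes) -> dict:
    return {
        "pyinstaller": has_pyinstaller_archive(data),
        "high_entropy": high_entropy_sections(pe_sections(data)),
    }


def build_sample_pe(sections, overlay=b""):
    """Constructed minimal PE for offline testing: MZ stub, PE signature, COFF
    header with an empty optional header, section table, raw data, overlay."""
    coff_off = 0x40
    table_off = coff_off + 4 + 20
    data_off = table_off + 40 * len(sections)
    hdr = bytearray(b"MZ" + b"\x00" * (coff_off - 2))
    struct.pack_into("<I", hdr, 0x3C, coff_off)
    hdr += b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    raw = b""
    for name, blob in sections:
        hdr += name.encode().ljust(8, b"\x00")
        hdr += struct.pack("<IIII", len(blob), 0, len(blob), data_off + len(raw))
        hdr += b"\x00" * 16  # reloc/linenumber pointers and characteristics
        raw += blob
    return bytes(hdr) + raw + overlay


# Constructed sample inputs (not data from the report).
_rng = random.Random(1)
SAMPLE_SECTIONS = [
    (".text", bytes(range(256)) * 64),                           # uniform -> 8.0
    (".data", b"\x00" * 4096),                                   # constant -> 0.0
    (".rsrc", bytes(_rng.getrandbits(8) for _ in range(8192))),  # pseudo-random
]
SAMPLE_PE = build_sample_pe(SAMPLE_SECTIONS, overlay=b"pydata" + PYINSTALLER_MAGIC + b"\x00" * 24)
SAMPLE_PLAIN_PE = build_sample_pe([(".data", b"\x00" * 64)])

if __name__ == "__main__":
    # Usage: python triage.py <file.exe>; without an argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    print(triage(blob))
```

A hit on the cookie magic plus python3xx.dll-style drops under `_MEI*` is a strong signal that the real logic is a bundled Python script, so the next step is extracting the archive and decompiling the `.pyc` rather than reversing the PE; high entropy alone only says a section is compressed or encrypted and is expected for UPX-packed samples like this one.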
Antivirus Results (Vendor / Detection)

Lionic Trojan.Win32.Shelm.tseF
MicroWorld-eScan Trojan.GenericKD.66069587
FireEye Trojan.GenericKD.66069587
Malwarebytes Spyware.PasswordStealer.Python
Alibaba TrojanPSW:Win32/Almi_Disco.a
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D3F02453
Cyren W64/ABRisk.YZJN-0109
Symantec Trojan.Gen.2
Elastic malicious (high confidence)
ESET-NOD32 Python/PSW.Agent.ANE
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.66069587
Avast Python:Creal-A [Pws]
Emsisoft Trojan.GenericKD.66069587 (B)
McAfee-GW-Edition BehavesLike.Win64.Backdoor.vc
Ikarus Trojan-Spy.Python.NitroStealer
Jiangmin Trojan.Generic.horqm
Webroot W32.Trojan.Gen
Avira TR/PSW.Agent.jkrrw
Antiy-AVL Trojan[PSW]/Python.Disco
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win32/Casdet!rfn
GData Win32.Trojan-Stealer.Cordimik.AB4CO9
Google Detected
McAfee Artemis!2120B49043AD
MAX malware (ai score=81)
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H0DCM23
Rising Stealer.Agent/PYC!1.E3BE (CLASSIC)
Fortinet Python/Agent.UT!tr
AVG Python:Creal-A [Pws]
Panda Trj/Chgt.AD