Summary | ZeroBOX

a.exe

Tags: UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check
Category: FILE
Machine: s1_win7_x6401
Started: March 27, 2023, 10:19 a.m.
Completed: March 27, 2023, 10:33 a.m.
Size 152.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 1dc49de091d11dd75ff77444e1b2e286
SHA256 067874627d98163c43bd4626c24911e4eda83dc42dc5940addbd17abb493d5fc
CRC32 74D88952
ssdeep 3072:a2ESa+9yVb9w6k00pHT3g1n4M7RJtsE04rlod8I2sWpYl7k1E4I1bTMq:a2ESa88ILV3g1nTlo8pO4C
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
a+0xc6a0 @ 0x13f7dc6a0
a+0x2d99 @ 0x13f7d2d99
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: f7 f9 8b d8 89 44 24 38 eb 09 bb 01 00 00 00 89
exception.symbol: a+0xc6a0
exception.instruction: idiv ecx
exception.module: a.exe
exception.exception_code: 0xc0000094
exception.offset: 50848
exception.address: 0x13f7dc6a0
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 3080160
registers.r11: 646
registers.r8: 3079736
registers.r9: 0
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1
registers.r13: 0
Status 1, Return 0, Repeated 0
section .rsrc: size_of_data 0x00003200, virtual_address 0x00026000, virtual_size 0x00003130, entropy 6.971591569627363
description: A section with a high entropy has been found

Antivirus results (vendor, detection name):
Lionic Hacktool.Win32.Hijak.3!c
DrWeb Tool.UACMe.6
MicroWorld-eScan Gen:Variant.Ulise.388589
ALYac Gen:Variant.Ulise.388589
Malwarebytes Malware.AI.1882062616
Zillya Tool.UACMe.Win64.182
Sangfor Hacktool.Win32.Uacme.Vwun
Alibaba HackTool:Win32/Hijak.6e72c2b9
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Ulise.D5EDED
Cyren W64/UACme.B.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/HackTool.UACMe.O
Cynet Malicious (score: 100)
Paloalto generic.ml
Kaspersky HEUR:HackTool.Win32.Hijak.gen
BitDefender Gen:Variant.Ulise.388589
Avast Win64:HacktoolX-gen [Trj]
Tencent Malware.Win32.Gencirc.10bd9a41
Emsisoft Gen:Variant.Ulise.388589 (B)
VIPRE Gen:Variant.Ulise.388589
McAfee-GW-Edition BehavesLike.Win64.Drixed.ch
FireEye Generic.mg.1dc49de091d11dd7
Sophos UACMe (PUA)
Jiangmin HackTool.Hijak.f
Avira HEUR/AGEN.1310507
Antiy-AVL HackTool/Win64.UACme
Microsoft VirTool:Win32/ColorUAC.A!MTB
GData Gen:Variant.Ulise.388589
Google Detected
AhnLab-V3 Trojan/Win.UACMe.R533556
McAfee Artemis!1DC49DE091D1
MAX malware (ai score=81)
TrendMicro-HouseCall TROJ_GEN.R002H0CCH23
Rising Trojan.Crypto!8.364 (TFE:2:W9zjiRQyiSN)
Yandex Riskware.UACMe!fQ57oq3YJ1g
Ikarus Trojan.Win64.Hacktool
MaxSecure Trojan.Malware.184689696.susgen
Fortinet W64/UACMe.O!tr
AVG Win64:HacktoolX-gen [Trj]