Summary | ZeroBOX

Contract_02_21_Copy#32.exe

Tags: Malicious Library | UPX | OS Processor Check | PE64 | PE File
Category  Machine        Started                    Completed
FILE      s1_win7_x6402  March 29, 2023, 9:50 a.m.  March 29, 2023, 9:52 a.m.

Size    1.4MB
Type    PE32+ executable (GUI) x86-64, for MS Windows
MD5     6e4e21b15f5c27ca82b7934fa6544c5d
SHA256  897e53b648020ab28663240bbbce54546cf6f55b35019fd4aa2a209c4a3b1832
CRC32   388CA10F
ssdeep  24576:XrmJ8nj4+I2lkxeUHhb7o8728eU44yDjQNBmTW7MKfMhk:iJ0hEeuxu2zfX
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address       Status  Action
163.223.67.191   Active  Moloch
164.124.101.2    Active  Moloch
197.170.198.152  Active  Moloch
210.251.33.116   Active  Moloch
40.193.27.226    Active  Moloch
73.237.181.95    Active  Moloch

No hostname was resolved during the run; the sample addressed these IPs directly. The ports it tried are listed under dead_host at the end of the report, where every address except 164.124.101.2 reappears.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API        Arguments                  Status  Return  Repeated
GetComputerNameW  computer_name: TEST22-PC   1       1       0
GetComputerNameW  computer_name: TEST22-PC   1       1       0
GetComputerNameW  computer_name: TEST22-PC   1       1       0
GetComputerNameW  computer_name: TEST22-PC   1       1       0

TEST22-PC is the sandbox guest's machine name, not an indicator. Four consecutive hostname queries are consistent with an environment check by the sample.
section .gfids (Control Flow Guard function-ID table emitted by the MSVC linker; common in legitimate builds and not an indicator on its own)
Time & API               Arguments                                                             Status  Return  Repeated
NtAllocateVirtualMemory  process_identifier: 3028                                              1       0       0
                         process_handle: 0xffffffffffffffff (pseudo-handle for the current process)
                         base_address: 0x00000000004c0000
                         region_size: 569344 (0x8b000)
                         allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
                         protection: 64 (PAGE_EXECUTE_READWRITE)
                         stack_dep_bypass: 0 / stack_pivoted: 0 / heap_dep_bypass: 0
NtProtectVirtualMemory   process_identifier: 3028                                              1       0       0
                         process_handle: 0xffffffffffffffff (pseudo-handle for the current process)
                         base_address: 0x00000000772e1000
                         length: 4096
                         protection: 64 (PAGE_EXECUTE_READWRITE)
                         stack_dep_bypass: 0 / stack_pivoted: 0 / heap_dep_bypass: 0

The NtProtectVirtualMemory row appears six times in the report with identical arguments (Repeated is 0 on each, so the sandbox did not collapse them). Return 0 is STATUS_SUCCESS for both calls.

Two distinct things happen here. The allocation commits a 569,344-byte RWX region at 0x4c0000 inside the sample's own process, the usual staging area for an unpacked payload. The protection change targets a single 4 KB page at 0x772e1000, which is outside that region and in the 0x77xxxxxx range where 64-bit system DLLs such as ntdll typically load on Windows 7; making a loaded module's page writable and executable is consistent with patching library code (inline hooking or unhooking). Resolve the address against the process's module list in the memory dump before treating it as that.
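The triage logic a practitioner would run over rows like the ones above, as an added example (this is not code from the ZeroBOX report or from Cuckoo). It parses the report's record layout, keeps only successful calls that request a writable-and-executable protection, and separates RWX regions the process allocated itself from RWX protection changes applied to memory it did not allocate. The records embedded below are transcribed from the report; the parser and the classification are mine.

```python
"""Flag RWX memory operations in Cuckoo/ZeroBOX-style API call records.

Added example, not code from the ZeroBOX report or from Cuckoo. The records below
are transcribed from the report's NtAllocateVirtualMemory / NtProtectVirtualMemory
rows; the parser expects that layout (API name, "key: value" lines, then a final
"status return repeated" line).
"""
import re
from collections import Counter

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
RWX_PROTECTIONS = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
STATUS_SUCCESS = 0   # NTSTATUS value in the report's Return column

# Transcribed from the report (one record per "Time & API" row).
ALLOC_ROW = """NtAllocateVirtualMemory
process_identifier: 3028
region_size: 569344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000004c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0"""

PROTECT_ROW = """NtProtectVirtualMemory
process_identifier: 3028
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772e1000
process_handle: 0xffffffffffffffff
1 0 0"""

# The report lists the protection change six times with identical arguments.
REPORT_LOG = "\n\n".join([ALLOC_ROW] + [PROTECT_ROW] * 6)


def parse_records(text):
    """Split blank-line-separated records into dicts of api/args/status/return/repeated."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        args = {}
        for ln in lines[1:-1]:
            key, _, value = ln.partition(":")
            args[key.strip()] = value.strip()
        status, ret, repeated = (int(x) for x in lines[-1].split())
        records.append({"api": lines[0], "args": args, "status": status,
                        "return": ret, "repeated": repeated})
    return records


def protection_of(record):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64; None when the call has no protection argument."""
    value = record["args"].get("protection")
    return int(value.split()[0]) if value else None


def summarize_rwx(records):
    """Return RWX regions the process allocated itself, and RWX protection changes
    on memory outside those regions (e.g. a loaded module's code page), with counts."""
    own_regions = []       # (base, size) of successful RWX allocations, in call order
    foreign = Counter()    # (base, length) -> number of successful calls
    for r in records:
        if r["return"] != STATUS_SUCCESS or protection_of(r) not in RWX_PROTECTIONS:
            continue
        base = int(r["args"]["base_address"], 16)
        if r["api"] == "NtAllocateVirtualMemory":
            own_regions.append((base, int(r["args"]["region_size"])))
        elif r["api"] == "NtProtectVirtualMemory":
            length = int(r["args"]["length"])
            if not any(b <= base < b + size for b, size in own_regions):
                foreign[(base, length)] += 1
    return {"rwx_allocations": own_regions, "foreign_rwx_protect": dict(foreign)}


if __name__ == "__main__":
    summary = summarize_rwx(parse_records(REPORT_LOG))
    for base, size in summary["rwx_allocations"]:
        print(f"RWX allocation  base=0x{base:x} size=0x{size:x}")
    for (base, length), n in summary["foreign_rwx_protect"].items():
        print(f"RWX protect     base=0x{base:x} len=0x{length:x} calls={n} (outside own allocations)")
```

For this report the summary is one RWX allocation at 0x4c0000 and six protection changes on the page at 0x772e1000, which no allocation in the log covers. The "outside own allocations" split is what turns a noisy RWX signature into something worth a look: RWX scratch memory is common in packers, while RWX on a page the process never allocated points at code patching.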
section   name: .data | virtual_address: 0x0011a000 | virtual_size: 0x000534a0 | size_of_data: 0x00051800 | entropy: 7.2385   description: A section with a high entropy has been found
entropy   0.223978014428   description: Overall entropy of this PE file is high

The 0.2240 figure is not a Shannon entropy of the file: the signature behind these two lines reports the fraction of section data (by size_of_data) that lies in sections whose own entropy exceeds 6.8, and fires above 0.2. Here 0x51800 bytes of .data at 7.24 bits/byte divided by 0.2240 implies about 1.49 MB of section data in total, consistent with the 1.4MB file size. A .data section that dense is what an embedded compressed or encrypted payload looks like, in line with the GenKryptik names in the vendor table below.
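Reproducing both numbers, as an added example rather than code from the report. The block computes Shannon entropy per section and the overall ratio the way the Cuckoo community packer_entropy signature does (6.8 bits/byte per section, 0.2 overall), so a reader can see where "0.2239..." comes from. The .data size and entropy are the report's own values; the other three sections are assumed (chosen so the total is about 1.42 MiB, entropies typical of code and read-only data).

```python
"""Section entropy and the "overall entropy" ratio behind the two signature lines above.

Added example, not code from the ZeroBOX report. It reimplements the logic of the
Cuckoo community packer_entropy signature that produces the report's two description
strings: a section counts as high-entropy above 6.8 bits/byte, and the file is flagged
when more than 20% of section bytes (by size_of_data) live in such sections.
"""
import math
from collections import Counter

SECTION_HIGH_ENTROPY = 6.8   # bits per byte; per-section threshold
OVERALL_RATIO = 0.2          # fraction of section bytes that must be high-entropy


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_stats(name, raw):
    """Build the per-section record the verdict consumes from a section's raw bytes."""
    return {"name": name, "size_of_data": len(raw), "entropy": shannon_entropy(raw)}


def packer_verdict(sections):
    """Apply the two thresholds to a list of {name, size_of_data, entropy} records."""
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["entropy"] > SECTION_HIGH_ENTROPY]
    compressed = sum(s["size_of_data"] for s in high)
    ratio = compressed / total if total else 0.0
    return {
        "high_entropy_sections": [s["name"] for s in high],
        "ratio": ratio,                  # the report's "entropy 0.2239..." number
        "flagged": ratio > OVERALL_RATIO,
    }


# Section table reconstructed around the report: .data is the report's own row;
# the other three rows are ASSUMED (sizes and entropies are not in the report).
REPORT_SECTIONS = [
    {"name": ".text",  "size_of_data": 0x10A000, "entropy": 6.1},                # assumed
    {"name": ".rdata", "size_of_data": 0x00E800, "entropy": 5.4},                # assumed
    {"name": ".data",  "size_of_data": 0x051800, "entropy": 7.238496183202367},  # from report
    {"name": ".reloc", "size_of_data": 0x001E00, "entropy": 5.6},                # assumed
]


if __name__ == "__main__":
    # Sanity checks on constructed data: constant bytes -> 0.0, all 256 values evenly -> 8.0
    print(shannon_entropy(b"\x00" * 4096), shannon_entropy(bytes(range(256)) * 16))
    print(packer_verdict(REPORT_SECTIONS))
```

With the assumed sections the ratio comes out at 0.223978, matching the report to six decimals, which is a useful check that the interpretation above is the right one. Note what the verdict does not tell you: a high-entropy .data section distinguishes neither compression from encryption nor a packer stub from a legitimately embedded resource, so the section is a pointer to where to look in the dump, not a verdict in itself.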
Hosts contacted (raw IP, no DNS resolution observed):
host 163.223.67.191
host 197.170.198.152
host 210.251.33.116
host 40.193.27.226
host 73.237.181.95
Antivirus          Result
Lionic Trojan.Win32.Injuke.16!c
DrWeb Trojan.Inject4.53146
MicroWorld-eScan Trojan.GenericKD.65626319
FireEye Generic.mg.6e4e21b15f5c27ca
CAT-QuickHeal Trojan.Injuke
McAfee Artemis!6E4E21B15F5C
Malwarebytes Trojan.BumbleBee
Zillya Trojan.GenKryptik.Win64.7817
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Injuke.4da01848
K7GW Trojan ( 0059b1961 )
K7AntiVirus Trojan ( 0059b1961 )
Arcabit Trojan.Generic.D3E960CF
VirIT Trojan.Win64.Agent.IO
Symantec Trojan.Gen.2
Elastic malicious (moderate confidence)
ESET-NOD32 Win64/Bumblebee.K
Cynet Malicious (score: 100)
Paloalto generic.ml
Kaspersky Trojan.Win32.Injuke.gotp
BitDefender Trojan.GenericKD.65626319
Avast Win64:DangerousSig [Trj]
VIPRE Trojan.GenericKD.65626319
TrendMicro Trojan.Win64.BUMBLELOADER.YXDBVZ
McAfee-GW-Edition Artemis!Trojan
Emsisoft Trojan.GenericKD.65626319 (B)
Webroot W32.Trojan.Leonem
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Trojan.Win64.Gen.bot
Xcitium Malware@#1sh9h7p7zksw0
ViRobot Trojan.Win.Z.Genkryptik.1502360
GData Trojan.GenericKD.65626319
Google Detected
AhnLab-V3 Trojan/Win.Leonem.R559516
ALYac Trojan.Agent.Bumblebee
MAX malware (ai score=84)
TrendMicro-HouseCall Trojan.Win64.BUMBLELOADER.YXDBVZ
Rising Trojan.MalCert!1.E2A1 (CLASSIC)
Ikarus Trojan.Win64.Krypt
MaxSecure Trojan.Malware.201016361.susgen
Fortinet W64/GenKryptik.GGLH!tr
AVG Win64:DangerousSig [Trj]
Panda Trj/Chgt.AD
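Deriving a family name from the table above, as an added example (not code from the ZeroBOX report). A raw majority vote over these labels would crown "GenericKD", so the block strips category and platform words, drops hashes and variant suffixes, takes the first remaining token of each label as the family candidate, and folds vendor spellings together. The vendor/label lines are transcribed from the report; GENERIC and ALIASES are analyst-supplied assumptions, in particular the assumption that TrendMicro's BUMBLELOADER denotes the same family other vendors call Bumblebee.

```python
"""Family consensus from multi-scanner labels.

Added example, not part of the ZeroBOX report. REPORT_AV is transcribed from the
report's antivirus table. GENERIC and ALIASES are assumptions: GENERIC lists tokens
that name a category or platform rather than a family, ALIASES folds vendor
spellings of the same family together.
"""
import re
from collections import Counter

REPORT_AV = """\
Lionic Trojan.Win32.Injuke.16!c
DrWeb Trojan.Inject4.53146
MicroWorld-eScan Trojan.GenericKD.65626319
FireEye Generic.mg.6e4e21b15f5c27ca
CAT-QuickHeal Trojan.Injuke
McAfee Artemis!6E4E21B15F5C
Malwarebytes Trojan.BumbleBee
Zillya Trojan.GenKryptik.Win64.7817
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Injuke.4da01848
K7GW Trojan ( 0059b1961 )
K7AntiVirus Trojan ( 0059b1961 )
Arcabit Trojan.Generic.D3E960CF
VirIT Trojan.Win64.Agent.IO
Symantec Trojan.Gen.2
Elastic malicious (moderate confidence)
ESET-NOD32 Win64/Bumblebee.K
Cynet Malicious (score: 100)
Paloalto generic.ml
Kaspersky Trojan.Win32.Injuke.gotp
BitDefender Trojan.GenericKD.65626319
Avast Win64:DangerousSig [Trj]
VIPRE Trojan.GenericKD.65626319
TrendMicro Trojan.Win64.BUMBLELOADER.YXDBVZ
McAfee-GW-Edition Artemis!Trojan
Emsisoft Trojan.GenericKD.65626319 (B)
Webroot W32.Trojan.Leonem
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Trojan.Win64.Gen.bot
Xcitium Malware@#1sh9h7p7zksw0
ViRobot Trojan.Win.Z.Genkryptik.1502360
GData Trojan.GenericKD.65626319
Google Detected
AhnLab-V3 Trojan/Win.Leonem.R559516
ALYac Trojan.Agent.Bumblebee
MAX malware (ai score=84)
TrendMicro-HouseCall Trojan.Win64.BUMBLELOADER.YXDBVZ
Rising Trojan.MalCert!1.E2A1 (CLASSIC)
Ikarus Trojan.Win64.Krypt
MaxSecure Trojan.Malware.201016361.susgen
Fortinet W64/GenKryptik.GGLH!tr
AVG Win64:DangerousSig [Trj]
Panda Trj/Chgt.AD
"""

# Assumed: category/platform/heuristic words that never name a family.
GENERIC = {"trojan", "generic", "generickd", "genkryptik", "kryptik", "krypt",
           "malicious", "malware", "agent", "artemis", "detected", "susgen",
           "classic", "confidence", "moderate", "score", "dangeroussig", "malcert"}
# Assumed: vendor spellings folded onto one family name.
ALIASES = {"bumbleloader": "bumblebee"}
TOKEN_RE = re.compile(r"[^a-z0-9]+")


def family_of(label):
    """First token that looks like a family name, after aliasing; None if there is none."""
    for tok in TOKEN_RE.split(label.lower()):
        # short tokens, anything with a digit (hashes, variant ids, win32/win64) and
        # category words are skipped; the first survivor is the family slot
        if len(tok) < 4 or any(ch.isdigit() for ch in tok) or tok in GENERIC:
            continue
        return ALIASES.get(tok, tok)
    return None


def consensus(av_text, min_vendors=2):
    """[(family, vendor_count), ...] sorted by count; singletons (variant ids that
    slipped through, such as 'gglh' or 'chgt' here) are dropped by min_vendors."""
    counts = Counter()
    for line in av_text.strip().splitlines():
        _vendor, _, label = line.partition(" ")
        fam = family_of(label)
        if fam:
            counts[fam] += 1
    return [(f, c) for f, c in counts.most_common() if c >= min_vendors]


if __name__ == "__main__":
    print(consensus(REPORT_AV))
```

On this table the result is bumblebee from 5 vendors, injuke (Kaspersky's injector name, echoed by engines that license its signatures) from 4, and leonem from 2; every other label is generic. The GENERIC and ALIASES tables are where the judgment lives, and they need maintenance as vendors rename things.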
Dead hosts (connection attempts that received no response):
dead_host 163.223.67.191:321
dead_host 197.170.198.152:234
dead_host 40.193.27.226:315
dead_host 210.251.33.116:444
dead_host 73.237.181.95:225

All five attempts used non-standard ports and none was answered, which is why the report shows no Suricata alerts and no TLS: nothing beyond the SYN was ever exchanged. The IP:port pairs are still usable as network indicators for this sample.