Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 29, 2023, 5:33 p.m.	March 29, 2023, 5:44 p.m.

Size	610.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`05d614ae9941dc597f918230c0938d11`
SHA256	`069823eb52c902e7e4c80cb0ad2395d38eb0f98d1de05d6d054b20149f9bf556`
CRC32	`30ECAC90`
ssdeep	`6144:BVPLGN8jlL7aYv2hQOrRpvSmy68IcScoVCNohy/2eyLZxSeFVSt4DoQqdqsZ5WVs:PVLGu2hQMRYmb8I03oI/8Xn0d/K4f9`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
316

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Foreign language identified in PE resource (4 events)

name

RT_ICON

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x0009c5c8

size

0x000010a8

name

RT_ICON

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x0009c5c8

size

0x000010a8

name

RT_GROUP_ICON

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x0009d670

size

0x00000022

name

RT_VERSION

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x0009d698

size

0x000002f4

File has been identified by 9 AntiVirus engines on VirusTotal as malicious (9 events)

CrowdStrike	win/malicious_confidence_90% (W)
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition	Artemis!Trojan
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.05d614ae9941dc59
ZoneAlarm	UDS:DangerousObject.Multi.Generic
McAfee	Artemis!05D614AE9941

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00031a00', u'virtual_address': u'0x00063000', u'entropy': 6.952108843986761, u'name': u'.data', u'virtual_size': u'0x00033c0c'}

entropy

6.95210884399

description

A section with a high entropy has been found

entropy

0.325676784249

description

Overall entropy of this PE file is high

1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All