Summary | ZeroBOX

9a3e5c94-0917-4b87-b1e2-540783d5729f

Malicious Library UPX OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started April 2, 2023, 8:52 a.m.
Completed April 2, 2023, 8:55 a.m.
Size 258.8KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 041b96460a5646b883436e0b327829eb
SHA256 831de4f721d72790aa397a9f8ad7b02eaf86b4d522748452922260b0b2127d92
CRC32 97FFDDA3
ssdeep 6144:otjpISgwKH0fqmTSyteqsmri+c2Y7PFT5X8WBIP0GQkA7Hi6SicHQ9:mjRgwnf9Wmri+c2WPF9XsP0GQkALSnu
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
9a3e5c94-0917-4b87-b1e2-540783d5729f+0xaa68 @ 0x40aa68
9a3e5c94-0917-4b87-b1e2-540783d5729f+0xda39 @ 0x40da39
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: d4 87 5d ff a3 99 6a 74 b4 a9 00 00 ff ff ff ff
exception.instruction: aam -0x79
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x18fac8
registers.esp: 1635856
registers.edi: 1636272
registers.eax: 262144
registers.ebp: 1638188
registers.edx: 4390
registers.ebx: 837484166
registers.esi: 1455669248
registers.ecx: 4390
status: 1, return: 0, repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0043d000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
section: name .data, virtual_address 0x0001d000, virtual_size 0x00022edc, size_of_data 0x00022400, entropy 7.497679090771846
description: A section with a high entropy has been found
entropy: 0.552419354839
description: Overall entropy of this PE file is high
Lionic Trojan.Win32.Strab.4!c
Elastic malicious (high confidence)
DrWeb Trojan.PWS.StealerNET.125
MicroWorld-eScan Gen:Variant.Doina.54627
FireEye Gen:Variant.Doina.54627
ALYac Gen:Variant.Jaik.133193
Cylance unsafe
Cynet Malicious (score: 99)
Alibaba Trojan:Win32/Strab.d39668bf
Cyren W32/Kryptik.JJB.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HSEV
APEX Malicious
Paloalto generic.ml
BitDefender Gen:Variant.Doina.54627
VIPRE Gen:Variant.Doina.54627
TrendMicro TROJ_GEN.R002C0DCU23
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Crypt
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.dpmlu
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Win32.Gen.bot
Arcabit Trojan.Doina.DD563
ZoneAlarm HEUR:Trojan.Win32.Strab.gen
GData Gen:Variant.Doina.54627
Google Detected
AhnLab-V3 Malware/Win32.Generic.C3978116
VBA32 Trojan.Kryptik
MAX malware (ai score=86)
Malwarebytes Trojan.FakeSig
TrendMicro-HouseCall TROJ_GEN.R002C0DCU23
Tencent Win32.Trojan.FalseSign.Hajl
Fortinet W32/Kryptik.HSEV!tr
Panda Trj/GdSda.A