Summary | ZeroBOX

nmooul5hrjbg6.channal1.exe

UPX Malicious Library Malicious Packer PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started April 4, 2023, 5:10 p.m.
Completed April 4, 2023, 5:12 p.m.
Size 1.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b8ff396f094c22492fa957fbcf2d6a94
SHA256 d504922abfbd95fed6cc1bcc7558dd44fe268f28a6b990e26b32df0c4ff96e82
CRC32 28B41FD8
ssdeep 12288:cfjlo/jfjO+IQAZr3bH44+Z1E10NydOAh:cfjAhM3bY4yq0NJY
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status
164.124.101.2 Active
No host names were resolved and no Suricata alert fired, so a single contacted address is not by itself evidence of command-and-control; inspect the captured traffic to that address before treating it as an indicator.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .liker
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
nmooul5hrjbg6+0x17856 @ 0xee7856
nmooul5hrjbg6+0x17a5c @ 0xee7a5c
nmooul5hrjbg6+0xfcea @ 0xedfcea
nmooul5hrjbg6+0x603d @ 0xed603d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 00 8b 06 59 8b 00 03 c0 83 64 c7 24 00 8b 4f 0c
exception.symbol: nmooul5hrjbg6+0xad3c
exception.instruction: add byte ptr [ebx + 0x8b5906], cl
exception.module: nmooul5hrjbg6.channal1.exe
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 44348 (0xad3c; the module is therefore loaded at 0xedad3c - 0xad3c = 0xed0000)
exception.address: 0xedad3c
registers.esp: 3603284 (0x36fb54)
registers.edi: 7923896 (0x78e8b8)
registers.eax: 4294967294 (0xfffffffe, -2 as a signed 32-bit value)
registers.ebp: 3603336 (0x36fb88)
registers.edx: 4
registers.ebx: 3603940 (0x36fde4)
registers.esi: 0
registers.ecx: 7901160 (0x788fe8)
Status 1 Return 0 Repeated 0
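The exception record above is the only dynamic behaviour the sandbox captured, so it is worth squeezing for what it says about where the sample died. The script below is an added example and not part of the ZeroBOX report or its monitor: it copies the report's register values, crash address, offset and instruction bytes, derives the module base, decodes the one instruction encoding the report shows (opcode 0x00, ADD r/m8, r8, with a disp32 ModRM) to confirm the sandbox's disassembly, computes the memory operand the faulting instruction touched, and checks whether that operand and the crash RVA fall inside the image. The decoder, the function names and the use of the .data section's end as a lower bound on the image size are my own assumptions.

```python
"""Triage of the __exception__ record above (added example, not ZeroBOX's own code).

Every number is copied from the report; the only assumptions are the tiny decoder,
which handles just the one encoding the report shows, and the image-size lower bound.
"""
import struct

# Copied from the report: the sandbox prints registers in decimal.
REGISTERS = {
    "esp": 3603284, "edi": 7923896, "eax": 4294967294, "ebp": 3603336,
    "edx": 4, "ebx": 3603940, "esi": 0, "ecx": 7901160,
}
EXC_ADDRESS = 0xEDAD3C            # exception.address
EXC_OFFSET = 44348                # exception.offset, bytes from the module base
INSTRUCTION_R = "00 8b 06 59 8b 00 03 c0 83 64 c7 24 00 8b 4f 0c"
DATA_SECTION = {"virtual_address": 0x2F000, "virtual_size": 0x36C7C}  # from the .data section record

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]   # ModRM register numbering
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def module_base(address: int, offset: int) -> int:
    """Image base of the faulting module: exception.address minus exception.offset."""
    return address - offset


def decode_add_rm8_r8(code_hex: str):
    """Decode opcode 0x00 (ADD r/m8, r8) with a mod=10 ModRM, i.e. [reg32 + disp32], r8.

    Returns (text, base_register, disp32, source_register). Any other encoding raises,
    so the function never silently guesses at bytes it does not understand.
    """
    code = bytes.fromhex(code_hex)
    if code[0] != 0x00:
        raise ValueError("first byte is not opcode 0x00 (ADD r/m8, r8)")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 2 or rm == 4:          # mod=10 means a disp32 follows; rm=100 would need a SIB byte
        raise ValueError("unsupported ModRM form")
    disp = struct.unpack_from("<I", code, 2)[0]
    return f"add byte ptr [{REG32[rm]} + 0x{disp:x}], {REG8[reg]}", REG32[rm], disp, REG8[reg]


def effective_address(regs: dict, base_reg: str, disp: int) -> int:
    return (regs[base_reg] + disp) & 0xFFFFFFFF


def signed32(value: int) -> int:
    return value - (1 << 32) if value & 0x80000000 else value


def triage() -> dict:
    base = module_base(EXC_ADDRESS, EXC_OFFSET)
    text, base_reg, disp, _ = decode_add_rm8_r8(INSTRUCTION_R)
    target = effective_address(REGISTERS, base_reg, disp)
    # Assumed lower bound on the image size: the end of the last section the report describes.
    data_end_rva = DATA_SECTION["virtual_address"] + DATA_SECTION["virtual_size"]
    return {
        "module_base": base,
        "instruction": text,                       # should reproduce exception.instruction
        "target": target,                          # memory operand the faulting ADD read and wrote
        "target_in_image": base <= target < base + data_end_rva,
        "fault_in_data_section": DATA_SECTION["virtual_address"] <= EXC_OFFSET < data_end_rva,
        "eax_signed": signed32(REGISTERS["eax"]),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        if isinstance(value, int) and not isinstance(value, bool) and value >= 0:
            print(f"{key}: {value:#x}")
        else:
            print(f"{key}: {value}")
```

Run as is, this reports a module base of 0xed0000, reproduces the sandbox's disassembly, and places the ADD's operand at 0xc256ea (ebx + 0x8b5906), below the image and so a plausible unmapped page for an access violation; the crash RVA 0xad3c sits below the .data section, and eax holds -2. One further check belongs in an analyst's notes: read from the second byte, the same sixteen bytes decode as mov eax, [esi]; pop ecx; mov eax, [eax]; add eax, eax; and dword ptr [edi+eax*8+0x24], 0; mov ecx, [edi+0xc], a far more ordinary sequence, which suggests execution reached this code one byte off an instruction boundary (and with esi = 0 the mov eax, [esi] would fault on its own). Re-disassembling the region from a memory dump with a full disassembler is the way to settle it; the single-opcode decoder here is deliberately not one.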
section .data: virtual_address 0x0002f000, virtual_size 0x00036c7c, size_of_data 0x00036000, entropy 7.98 (of a possible 8.0); description: A section with a high entropy has been found. At that entropy the section is effectively random, i.e. compressed or encrypted content, which is consistent with the UPX and packer YARA hits above, although the section names visible in this report (.data, .liker) are not the UPX0/UPX1 names a stock UPX build writes. Because the run ended in an access violation and contacted no hosts, the unpacked payload was not observed dynamically; static unpacking, or a memory dump taken at the crash point, is the next step.
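The high-entropy signature is a Shannon-entropy calculation over a section's raw bytes, with 8.0 bits per byte as the ceiling that compressed or encrypted data approaches. The script below is an added example, not ZeroBOX's signature code: it implements that calculation, applies it to two constructed sections (one random-looking stand-in sized like the report's .data, one code-like pattern) and flags sections above a threshold. The threshold of 7.0, the section contents, the seed string and the function names are all my own assumptions; the 7.98 constant is the value the report gives.

```python
"""Reproducing the high-entropy section check (added example, not ZeroBOX code).

Shannon entropy over a section's raw bytes, in bits per byte. The inputs below are constructed
stand-ins, not bytes from the sample; the threshold is an assumption, chosen because sandbox
signatures commonly flag sections around 7 bits/byte and above.
"""
import hashlib
import math
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 7.0                 # assumed cut-off
REPORTED_DATA_ENTROPY = 7.984350227357055    # the value the report gives for .data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the observed byte-value distribution (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pseudorandom_bytes(n: int, seed: bytes) -> bytes:
    """Constructed stand-in for packed/encrypted content: a SHA-256 counter stream.
    Deterministic so the result is reproducible; it is not the sample's data."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


def codelike_bytes(n: int) -> bytes:
    """Constructed stand-in for ordinary x86 code: a short instruction sequence repeated
    (mov ecx,[edi+0xc]; add eax,eax; and dword ptr [esp],0; ret)."""
    pattern = bytes.fromhex("8b4f0c03c08364240000c3")
    return (pattern * (n // len(pattern) + 1))[:n]


def audit_sections(sections):
    """sections: iterable of (name, raw_bytes). Returns ({name: entropy}, [flagged names])."""
    entropies = {name: shannon_entropy(raw) for name, raw in sections}
    flagged = [name for name, e in entropies.items() if e > HIGH_ENTROPY_THRESHOLD]
    return entropies, flagged


# Constructed sections; the .data size matches the report's size_of_data (0x36000).
SAMPLE_SECTIONS = [
    (".text", codelike_bytes(0x8000)),
    (".data", pseudorandom_bytes(0x36000, b"zerobox-entropy-example")),
]


if __name__ == "__main__":
    entropies, flagged = audit_sections(SAMPLE_SECTIONS)
    for name, e in entropies.items():
        print(f"{name:8s} entropy {e:.4f}{'  <- high' if name in flagged else ''}")
    print(f"report's .data: {REPORTED_DATA_ENTROPY:.4f} (threshold {HIGH_ENTROPY_THRESHOLD})")
```

The constructed .data stand-in lands very close to 8.0, as the report's real .data does at 7.98, while the repeated code pattern stays near 3.3 bits per byte; real .text sections sit higher than that toy but well below 7. Entropy alone cannot tell compression from encryption, so a hit like this is a reason to unpack, not a verdict.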
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.455062
FireEye Generic.mg.b8ff396f094c2249
CAT-QuickHeal Trojan.Convagent
McAfee Artemis!B8FF396F094C
Cylance unsafe
VIPRE Gen:Variant.Zusy.455062
Sangfor Trojan.Win32.Save.a
Alibaba TrojanSpy:Win32/Stealer.86c6095d
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Kryptik.IXI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HSZW
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.pef
BitDefender Gen:Variant.Zusy.455062
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan-Spy.Stealer.Vimw
Emsisoft Gen:Variant.Zusy.455062 (B)
F-Secure Trojan.TR/Crypt.Agent.wmado
DrWeb Trojan.PWS.Steam.35272
Zillya Backdoor.Agent.Win32.86068
McAfee-GW-Edition BehavesLike.Win32.Generic.tz
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Zusy.455062
Avira TR/Crypt.Agent.wmado
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Heur!.02012021
Arcabit Trojan.Zusy.D6F196
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.pef
Microsoft Trojan:Win32/Tiggre!rfn
Google Detected
Acronis suspicious
BitDefenderTheta AI:Packer.78C7773F21
ALYac Gen:Variant.Zusy.455062
MAX malware (ai score=84)
Malwarebytes Spyware.PasswordStealer
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R002H0CCS23
Rising Trojan.Generic@AI.100 (RDML:LtCEmfuHjndPWx0RqWlWMw)
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HSKS!tr
AVG Win32:Evo-gen [Trj]
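Fifty vendor labels look like overwhelming consensus, but many are generic or machine-learning verdicts, several are the same engine relabelled, and two are just the file's own MD5 wrapped in a detection name. The script below is an added example and not part of the ZeroBOX report: it parses the vendor lines above exactly as printed, groups identical label strings (a strong sign of a shared engine, which should count once), finds labels that embed the sample's MD5 prefix (per-file signatures carrying no family information), and tallies family tokens against everything else. The family patterns, the minimum hash-prefix length and the function names are my own triage conventions, not anything the report states.

```python
"""Consolidating the vendor verdicts listed above (added example; not ZeroBOX code).

The vendor lines are copied from the report verbatim. The family patterns, the hash-prefix
rule and the grouping of identical labels are my own triage conventions.
"""
import re
from collections import Counter, defaultdict

VERDICTS = """\
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.455062
FireEye Generic.mg.b8ff396f094c2249
CAT-QuickHeal Trojan.Convagent
McAfee Artemis!B8FF396F094C
Cylance unsafe
VIPRE Gen:Variant.Zusy.455062
Sangfor Trojan.Win32.Save.a
Alibaba TrojanSpy:Win32/Stealer.86c6095d
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Kryptik.IXI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HSZW
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.pef
BitDefender Gen:Variant.Zusy.455062
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan-Spy.Stealer.Vimw
Emsisoft Gen:Variant.Zusy.455062 (B)
F-Secure Trojan.TR/Crypt.Agent.wmado
DrWeb Trojan.PWS.Steam.35272
Zillya Backdoor.Agent.Win32.86068
McAfee-GW-Edition BehavesLike.Win32.Generic.tz
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Zusy.455062
Avira TR/Crypt.Agent.wmado
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Heur!.02012021
Arcabit Trojan.Zusy.D6F196
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.pef
Microsoft Trojan:Win32/Tiggre!rfn
Google Detected
Acronis suspicious
BitDefenderTheta AI:Packer.78C7773F21
ALYac Gen:Variant.Zusy.455062
MAX malware (ai score=84)
Malwarebytes Spyware.PasswordStealer
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R002H0CCS23
Rising Trojan.Generic@AI.100 (RDML:LtCEmfuHjndPWx0RqWlWMw)
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HSKS!tr
AVG Win32:Evo-gen [Trj]
"""

SAMPLE_MD5 = "b8ff396f094c22492fa957fbcf2d6a94"   # from the report

# Assumed family tokens, tried in this order; a label is assigned the first family it matches.
FAMILY_PATTERNS = [
    ("Zusy", re.compile(r"Zusy", re.I)),
    ("Kryptik", re.compile(r"Kryptik", re.I)),
    ("Stealer", re.compile(r"Stealer|PWS", re.I)),
    ("Convagent", re.compile(r"Convagent", re.I)),
    ("Tiggre", re.compile(r"Tiggre", re.I)),
    ("Crypt.Agent", re.compile(r"Crypt\.Agent", re.I)),
]


def parse_verdicts(text: str):
    """'Vendor Label...' lines -> list of (vendor, label); the vendor is the first token."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            vendor, _, label = line.partition(" ")
            out.append((vendor, label.strip()))
    return out


def shared_labels(verdicts):
    """Identical label strings from more than one vendor: usually one shared engine, not
    independent verdicts, so they should be weighed once."""
    by_label = defaultdict(list)
    for vendor, label in verdicts:
        by_label[label].append(vendor)
    return {label: vendors for label, vendors in by_label.items() if len(vendors) > 1}


def hash_based_labels(verdicts, md5: str, min_hex: int = 12):
    """Vendors whose label embeds the sample's own MD5 prefix: a per-file signature with
    no family information at all."""
    prefix = md5[:min_hex].lower()
    return [vendor for vendor, label in verdicts if prefix in label.lower()]


def family_counts(verdicts) -> Counter:
    counts = Counter()
    for _, label in verdicts:
        for family, pattern in FAMILY_PATTERNS:
            if pattern.search(label):
                counts[family] += 1
                break
        else:
            counts["(generic/heuristic/ML)"] += 1
    return counts


if __name__ == "__main__":
    verdicts = parse_verdicts(VERDICTS)
    print(f"{len(verdicts)} vendors")
    for family, n in family_counts(verdicts).most_common():
        print(f"  {n:2d}  {family}")
    for label, vendors in shared_labels(verdicts).items():
        print(f"shared label {label!r}: {', '.join(vendors)}")
    print("hash-based:", ", ".join(hash_based_labels(verdicts, SAMPLE_MD5)))
```

On these fifty lines the only family names that recur are Zusy, Kryptik and Stealer/PWS, and five of the seven Zusy hits are the identical string Gen:Variant.Zusy.455062; the remaining labels are generic, heuristic or model-score verdicts, and FireEye and McAfee are matching on the file hash itself. That is consistent with a packed information stealer, but the family evidence is thinner than the raw count suggests, which is the point of the exercise.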