Summary | ZeroBOX

beeeb8705255d18dafdea0f550125dc5d321724db2ab7cbae19a04a953e404ed

Emotet Gen1 Generic Malware UPX ASPack Malicious Library PE64 PE File OS Processor Check ZIP Format DLL
Category FILE
Machine s1_win7_x6401
Started April 6, 2023, 6:14 p.m.
Completed April 6, 2023, 6:19 p.m.
Size 13.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 24b23cc20bc799baaa1cc94e0b9b08fe
SHA256 062f9b4fed0686cdc5f87598f80787b20d2dff3fae50a8ba57e97f196cb3db84
CRC32 CAD32BC1
ssdeep 393216:ZqPuYXJBx/m3pgDOEkSgsv9AHt+KWm00l:QPuYXJBxKlAaHrN
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • ASPack_Zero - ASPack packed file
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0
section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI26282\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\pywin32_system32\pythoncom310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\pywin32_system32\pywintypes310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\python310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI26282\VCRUNTIME140.dll
section .rsrc (virtual_address 0x00052000, virtual_size 0x0000f498, size_of_data 0x0000f600, entropy 7.555572206814071) description A section with a high entropy has been found
Lionic Trojan.Win32.Shelm.tseF
DrWeb Python.Stealer.737
MicroWorld-eScan Trojan.GenericKD.66106791
FireEye Trojan.GenericKD.66106791
CAT-QuickHeal Trojanpws.Python
ALYac Trojan.GenericKD.66106791
Malwarebytes Malware.AI.4266387664
VIPRE Trojan.GenericKD.66106791
Alibaba TrojanPSW:Win32/Disco.011f7ce5
CrowdStrike win/malicious_confidence_90% (D)
Arcabit Trojan.Generic.D3F0B5A7
Cyren W64/PY_Stealer.A.gen!Eldorado
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 multiple detections
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.66106791
Avast Python:Agent-IR [Trj]
Emsisoft Trojan.GenericKD.66106791 (B)
F-Secure Heuristic.HEUR/AGEN.1358353
McAfee-GW-Edition BehavesLike.Win64.Backdoor.tc
Sophos Mal/Generic-S
Jiangmin Trojan.Generic.horqm
Avira HEUR/AGEN.1358353
MAX malware (ai score=82)
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win32/Tiggre!rfn
ZoneAlarm HEUR:Trojan-PSW.Python.Disco.gen
GData Trojan.GenericKD.66106791
Cynet Malicious (score: 99)
McAfee Artemis!24B23CC20BC7
Cylance unsafe
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002H0CCQ23
Tencent Win64.Trojan-PSW.Disco.Qzfl
Ikarus Trojan-Spy.Python.TokenGrabber
Fortinet Python/Stealer.645!tr
AVG Python:Agent-IR [Trj]
DeepInstinct MALICIOUS