Summary | ZeroBOX

eU6ZAb44

PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: April 12, 2023, 9:19 a.m.
Completed: April 12, 2023, 9:27 a.m.
Size 27.8MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 2756a79655d41f63a0af6ff715a68637
SHA256 4a02342382c20b606a57daa2d0a1589598def62174726574222eb679ce37fcef
CRC32 601D6132
ssdeep 786432:a6B8ml1oViqf7efgYeysRwCfN0Lbg2YoS9nKPlw:aXDViqDptiLbzI9nKdw
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
164.124.101.2 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Sections
  • .mS`
  • .symtab
  • .}z|
  • ."4F
  • .@0J

Apart from .symtab, the section names are non-standard junk strings, which matches the Win64/Packed.VMProtect.X label from ESET-NOD32 below and the high-entropy .@0J section flagged at the end of the report.
Behavior (Time & API / Arguments / Status / Return / Repeated)

__exception__

stacktrace:
eu6zab44+0x2e98cec @ 0x3298cec
eu6zab44+0x21983f6 @ 0x25983f6

exception.instruction_r: 90 41 54 9c 49 bc a0 75 b3 c0 82 44 a6 26 e8 34
exception.symbol: eu6zab44+0x2e98cec
exception.instruction: nop
exception.module: eU6ZAb44.exe
exception.exception_code: 0x80000004
exception.offset: 48860396
exception.address: 0x3298cec
registers.r14: 0
registers.r15: 0
registers.rcx: 3735929054 (0xdeadc0de)
registers.rsi: 5810875953594
registers.r10: 43840
registers.rbx: 9844065042482
registers.rsp: 2293888
registers.r11: 24866060
registers.r8: 82
registers.r9: 655420
registers.rdx: 44
registers.r12: 0
registers.rbp: 6133213298762
registers.rdi: 616
registers.rax: 179192531
registers.r13: 0
Status: 1  Return: 0  Repeated: 0

Reading the record: 0x80000004 is STATUS_SINGLE_STEP (EXCEPTION_SINGLE_STEP), a trap-flag exception rather than an access violation, and the module is loaded at image base 0x400000 (address 0x3298cec minus offset 0x2e98cec). The faulting offset lies inside section .@0J (virtual address 0x01322000, virtual size 0x01b7976c, so the section spans up to 0x2e9b76c), the high-entropy section flagged at the end of the report. The captured bytes decode (x86-64) as nop; push r12; pushfq; movabs r12, 0x26a64482c0b375a0; call ... (the call's rel32 is cut off by the 16-byte capture). A pushfq immediately after the trap reads RFLAGS, including TF, the pattern protectors use to inspect the trap flag, so treat this entry as anti-analysis behaviour rather than a bug in the sample.
Antivirus
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win64/Packed.VMProtect.X (suspicious)
Avast: Win64:Evo-gen [Trj]
Trapmine: malicious.moderate.ml.score
Gridinsoft: Trojan.Heur!.002121B3
AVG: Win64:Evo-gen [Trj]
Signatures
  • A section with a high entropy has been found: section .@0J (virtual address 0x01322000, virtual size 0x01b7976c, size of data 0x01b79800), entropy 7.764
  • Overall entropy of this PE file is high: 0.987

The raw data of .@0J alone is 0x01b79800 bytes (about 27.5 MiB) of a 27.8 MB file, so nearly the entire binary is one near-random blob. Together with the junk section names and the VMProtect detection, this points to a protected payload that static inspection of this file will not reach; the real code only appears after the protector unpacks it at runtime.
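As an added example, not part of the ZeroBOX report, the Python below reproduces the two kinds of check behind these signatures: per-section Shannon entropy against a flag threshold, and an aggregate ratio of on-disk section data that sits in flagged sections. The threshold (7.0 bits/byte), the ratio definition and the constructed sample sections are this example's own assumptions; the page does not say how the sandbox derives its 0.987 figure. scan_pe() uses the pefile library, if installed, to run the same classification on a real file.

```python
import math
import random
from collections import Counter

try:
    import pefile  # optional: only needed for scan_pe() on a real file
except ImportError:
    pefile = None

# Assumed threshold for this example; sandbox signatures of this kind flag
# sections somewhere around 6.8-7.0 bits/byte (the exact cut-off is not on the page).
HIGH_ENTROPY_BITS = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0) over the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections):
    """sections: iterable of (name, raw_bytes).

    Returns a list of per-section dicts and the fraction of on-disk section
    data that lives in high-entropy sections (this example's own aggregate)."""
    rows, total, high = [], 0, 0
    for name, data in sections:
        h = shannon_entropy(data)
        flagged = h > HIGH_ENTROPY_BITS
        rows.append({"name": name, "size_of_data": len(data), "entropy": h, "high": flagged})
        total += len(data)
        if flagged:
            high += len(data)
    ratio = high / total if total else 0.0
    return rows, ratio


def scan_pe(path):
    """Run the same classification over a real PE using pefile (if installed)."""
    if pefile is None:
        raise RuntimeError("pip install pefile to scan real files")
    pe = pefile.PE(path)
    return classify_sections(
        (s.Name.rstrip(b"\x00").decode("latin-1"), s.get_data()) for s in pe.sections
    )


def demo_sections():
    """Constructed sample input (not taken from the sample above): a low-variety
    code-like block, a zero-filled block and a seeded pseudo-random block that
    stands in for a packed/virtualised section."""
    rng = random.Random(0x4A02)  # seeded so the demo is reproducible
    random_blob = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    low_blob = bytes(range(16)) * 4096  # only 16 distinct values -> 4 bits/byte
    return [
        (".text", low_blob),
        (".rsrc", bytes(8192)),  # all zeros -> 0 bits/byte
        (".@0J", random_blob),  # name borrowed from the report above
    ]


if __name__ == "__main__":
    rows, ratio = classify_sections(demo_sections())
    for r in rows:
        flag = "HIGH" if r["high"] else "    "
        print(f"{flag} {r['name']:<8} size=0x{r['size_of_data']:08x} entropy={r['entropy']:.3f}")
    print(f"fraction of section data in high-entropy sections: {ratio:.3f}")
```

Running it on the constructed input flags only the pseudo-random section; on a real VMProtect-style binary like the one above, expect one section to carry almost all of the file's bytes at close to 8 bits/byte, which is exactly what the report's 7.764 / 0.987 pair expresses.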