Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 24, 2023, 8:47 a.m.	April 24, 2023, 8:51 a.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`80ac68554b8fbc206b02e378609903a4`
SHA256	`b9a67f5d7e13ef6dc6cb2baf8821bfec123dfb6aa5729e30357b8433d4ad4458`
CRC32	`9E3BBC6F`
ssdeep	`24576:hu0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:Y0+BshUC1VzUjjPP0/`
PDB Path	C:\guvanacopisem-puhalivadawid\maxawew.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\guvanacopisem-puhalivadawid\maxawew.pdb

resource name	AFX_DIALOG_LAYOUT
resource name	None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 24, 2023, 8:47 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 1077248 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ca0000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory April 24, 2023, 8:47 a.m.	process_identifier: 1188 region_size: 1118208 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04600000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00118000', u'virtual_address': u'0x00001000', u'entropy': 7.985553635347363, u'name': u'.text', u'virtual_size': u'0x00117eca'}

entropy

7.98555363535

description

A section with a high entropy has been found

entropy

0.928689883914

description

Overall entropy of this PE file is high

photo_320.exe