popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

v1.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 May 3, 2023, 9:22 a.m. May 3, 2023, 9:31 a.m.
Size 1.6MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2d1952dc0776774b3d9366412a44de4d
SHA256 45ac86c9c4501113f3912d513270d66a5c7bf5a6edb0a89fbb23965271b1049f
CRC32 40589266
ssdeep 49152:FNwP4UmS2Wa0NwUKx6Zke9JlFRVtrq5cj0d:3wQrS2WQUKx6Zk0p2X
PDB Path C:\towen kobasago\Rimobog\boheva\vifofo jaw\jayi lov.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
akncteplcvwufmhwurtde4eunbsher5.noqycpnanw01gd0x
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
pdb_path C:\towen kobasago\Rimobog\boheva\vifofo jaw\jayi lov.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 1118208
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00870000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 3870720
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0aa70000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

Process32NextW

 snapshot_handle: 0x00000064
process_name: mobsync.exe
process_identifier: 2276
1 1 0

Process32NextW

 snapshot_handle: 0x00000064
process_name: pw.exe
process_identifier: 2320
1 1 0

Process32NextW

 snapshot_handle: 0x00000064
process_name: sdclt.exe
process_identifier: 2384
1 1 0
section {u'size_of_data': u'0x00148a00', u'virtual_address': u'0x00001000', u'entropy': 7.879343493831929, u'name': u'.text', u'virtual_size': u'0x001489a0'} entropy 7.87934349383 description A section with a high entropy has been found
section {u'size_of_data': u'0x0002ea00', u'virtual_address': u'0x00251000', u'entropy': 7.6616283433341215, u'name': u'.rsrc', u'virtual_size': u'0x0002e9f0'} entropy 7.66162834333 description A section with a high entropy has been found
entropy 0.947003154574 description Overall entropy of this PE file is high
buffer Buffer with sha1: 332f4f0f99d8991e2fce3bf3b1cfd3713f154dff
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Strab.4!c
MicroWorld-eScan Gen:Variant.Ser.Jaik.3792
ALYac Gen:Variant.Jaik.143670
Cylance unsafe
VIPRE Gen:Variant.Ser.Jaik.3792
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a4b911 )
Alibaba Trojan:Win32/Strab.7726ea98
K7GW Trojan ( 005a4b911 )
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/GenKryptik.GJED
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Strab.bgr
BitDefender Trojan.GenericKD.66815717
NANO-Antivirus Trojan.Win32.Strab.jvwbpx
Avast Win32:DropperX-gen [Drp]
Tencent Win32.Trojan.FalseSign.Zmhl
Emsisoft Gen:Variant.Ser.Jaik.3792 (B)
F-Secure Trojan.TR/Kryptik.iayeg
TrendMicro TrojanSpy.Win32.VIDAR.YXDEAZ
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.2d1952dc0776774b
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Krypt
GData Gen:Variant.Ser.Jaik.3792
Webroot W32.Trojan.FL
Avira TR/Kryptik.iayeg
Gridinsoft Ransom.Win32.Sabsik.sa
Arcabit Trojan.Ser.Jaik.DED0
ZoneAlarm Trojan.Win32.Strab.bgr
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Dropper/Win.Generic.C5421341
McAfee Artemis!2D1952DC0776
MAX malware (ai score=80)
VBA32 BScope.TrojanPSW.RedLine
Malwarebytes Crypt.Trojan.Malicious.DDS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win32.VIDAR.YXDEAZ
Rising Spyware.AveMaria!8.108C2 (TFE:5:gPYSJezLNfH)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
BitDefenderTheta Gen:NN.ZexaF.36164.JvX@aOIJKZeG
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)