Summary | ZeroBOX

pspp

Tags: UPX, Malicious Library, VMProtect, PE64, PE File, OS Processor Check
Category: FILE
Machine: s1_win7_x6403_us
Started: May 10, 2023, 5:58 p.m.
Completed: May 10, 2023, 6:03 p.m.
Size: 7.1MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 14f04f5932bc851acf217a147afb018a
SHA256: 6a3067c98e097d24ddde33ad98df7422d66327127fbdfff649e1263cdb1bf645
CRC32: 42628009
ssdeep: 196608:q6MiO9h9xz2nHTcM5IUA/dU3B4bWpN1xIR:qcOrjziHTpSdUybINXI
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file

Domains (Name, Response, Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address, Status, Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

PE Sections
  • _RANDOMX
  • _SHA3_25
  • _TEXT_CN
  • _RDATA
  • .vmp0
  • .vmp1

Signatures
  • A section with a high entropy has been found: .vmp1 (virtual_address 0x00abf000, virtual_size 0x00715e6c, size_of_data 0x00716000, entropy 7.931477303722599)
  • Overall entropy of this PE file is high: 0.999724441995
  • Section name indicates VMProtect: .vmp0
  • Section name indicates VMProtect: .vmp1
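The three signature hits above (a high-entropy section, high overall entropy, and VMProtect section names) are derived from the PE section table and the byte distribution of each section's raw data. The following is an added example, not code from the ZeroBOX report or the sandbox itself: a minimal pure-Python PE section parser that reproduces those three checks. The per-section threshold (7.5), the 6.8 / 0.25 pair used to model the 0..1 "overall entropy" figure as the fraction of section bytes that sit in high-entropy sections, the packer-name table, the function names and the constructed two-section sample PE are all assumptions; the page does not show ZeroBOX's own cut-offs or formula.

```python
import math
import struct

ENTROPY_THRESHOLD = 7.5    # assumption: per-section cut-off; the report's exact value is not shown
HIGH_ENTROPY_DATA = 6.8    # assumption: a section counts as "compressed/encrypted" above this
OVERALL_RATIO = 0.25       # assumption: flag the file when this fraction of section bytes is high-entropy
PACKER_SECTION_NAMES = {   # assumption: well-known packer section names
    ".vmp0": "VMProtect", ".vmp1": "VMProtect", ".vmp2": "VMProtect",
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in counts if c))


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one dict per section with the fields the report shows."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): NumberOfSections at +2, SizeOfOptionalHeader at +16
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(n_sections):
        # IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, ... (remaining fields unused here)
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize,
            "size_of_data": raw_size, "entropy": shannon_entropy(raw),
        })
    return sections


def packer_signatures(pe: bytes) -> list:
    """Return (signature, detail) hits mirroring the report's three findings."""
    hits = []
    total = high = 0
    for s in parse_sections(pe):
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(("packer_section_name",
                         f"{s['name']}: section name indicates {PACKER_SECTION_NAMES[s['name']]}"))
        if s["entropy"] > ENTROPY_THRESHOLD:
            hits.append(("high_entropy_section", f"{s['name']}: entropy {s['entropy']:.2f}"))
        total += s["size_of_data"]
        if s["entropy"] > HIGH_ENTROPY_DATA:
            high += s["size_of_data"]
    # Overall figure modelled as the fraction of section bytes living in
    # high-entropy sections (assumption about how the report's 0..1 value is derived)
    ratio = high / total if total else 0.0
    if ratio > OVERALL_RATIO:
        hits.append(("high_entropy_file", f"overall entropy ratio {ratio:.4f}"))
    return hits


def build_sample_pe() -> bytes:
    """Constructed sample (not the analysed binary): a two-section PE32+ shell
    with a flat .text and a maximally random .vmp1, enough for the checks above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x20B) + b"\0" * 238          # PE32+ magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)
    text = b"\x90" * 1024                                  # entropy 0.0
    vmp1 = bytes(range(256)) * 16                          # entropy 8.0
    text_ptr = 0x200
    vmp1_ptr = text_ptr + len(text)

    def sec(name, va, data, ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(data), va, len(data), ptr, 0, 0, 0, 0, chars)

    table = sec(b".text", 0x1000, text, text_ptr, 0x60000020) + \
        sec(b".vmp1", 0x2000, vmp1, vmp1_ptr, 0xE0000020)
    image = dos + b"PE\0\0" + coff + opt + table
    image += b"\0" * (text_ptr - len(image)) + text + vmp1
    return image


if __name__ == "__main__":
    for sig, detail in packer_signatures(build_sample_pe()):
        print(f"{sig}: {detail}")
```

Run against a real sample, `packer_signatures(open(path, "rb").read())` gives the same three hit types; the parser reads only the section headers and raw section bytes, so it works on truncated or overlay-laden files as long as the headers are intact.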
Antivirus Detections (vendor: detection name)
  • Lionic: Riskware.Win32.Miner.1!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Application.Miner.2
  • FireEye: Generic.mg.14f04f5932bc851a
  • CAT-QuickHeal: Trojan.Application
  • ALYac: Gen:Variant.Application.Miner.2
  • Malwarebytes: RiskWare.BitCoinMiner
  • VIPRE: Gen:Variant.Application.Miner.2
  • Sangfor: CoinMiner.Win64.Agent.Voy6
  • K7AntiVirus: Adware ( 005424581 )
  • Alibaba: RiskWare:Win64/Miners.6a03e392
  • K7GW: Adware ( 005424581 )
  • Arcabit: Trojan.Application.Miner.2
  • ESET-NOD32: a variant of Win64/CoinMiner.NL potentially unwanted
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: not-a-virus:RiskTool.Win32.BitCoinMiner.oosh
  • BitDefender: Gen:Variant.Application.Miner.2
  • Avast: Win64:Evo-gen [Trj]
  • Tencent: Win32.Risktool.Bitcoinminer.Bkjl
  • Sophos: Mal/VMProtBad-A
  • McAfee-GW-Edition: BehavesLike.Win64.Expiro.wc
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Gen:Variant.Application.Miner.2 (B)
  • Webroot: Bitcoinminer.Gen
  • Antiy-AVL: GrayWare/Win64.CoinMiner
  • Gridinsoft: Risk.Win64.CoinMiner.vl!n
  • Microsoft: PUA:Win32/Caypnamer.A!ml
  • ZoneAlarm: not-a-virus:RiskTool.Win32.BitCoinMiner.oosh
  • GData: Gen:Variant.Application.Miner.2
  • Google: Detected
  • Acronis: suspicious
  • McAfee: Artemis!14F04F5932BC
  • MAX: malware (ai score=71)
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CE523
  • Rising: PUA.CoinMiner!8.4639 (CLOUD)
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: Riskware/CoinMiner
  • AVG: Win64:Evo-gen [Trj]
  • DeepInstinct: MALICIOUS