Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 12, 2023, 9:17 a.m.	May 12, 2023, 9:23 a.m.

Size	292.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`61d510bf7f8a1ab8175ea3e97fce511d`
SHA256	`ade81e5ce6c50a24074a17a06b4d4b6625a135ee08d2f505b71a691c5930a3cb`
CRC32	`DD6530AF`
ssdeep	`3072:FKpXtSVYqLB8knhpNb98Kfri1zN9yAemaMnfF8jNgjiZs5UwiBnkheJ:F2MJLB8KhLSemv9HexMCNRwiBkYJ`
PDB Path	C:\hufib\wowahizu\zoxu\da.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\hufib\wowahizu\zoxu\da.pdb

resource name	AFX_DIALOG_LAYOUT
resource name	GERIMISOLEZUVEMUKIRAFUXEN

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 12, 2023, 9:17 a.m.	process_identifier: 2060 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0252e000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory May 12, 2023, 9:17 a.m.	process_identifier: 2060 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00330000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00029e00', u'virtual_address': u'0x00001000', u'entropy': 7.534486668975524, u'name': u'.text', u'virtual_size': u'0x00029d3e'}

entropy

7.53448666898

description

A section with a high entropy has been found

entropy

0.57461406518

description

Overall entropy of this PE file is high

s.exe