Summary | ZeroBOX

clp2.exe

Malicious Library, UPX, OS Processor Check, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started May 22, 2023, 8:42 a.m.
Completed May 22, 2023, 8:48 a.m.
Size 7.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 114802905a97d79114782772cc7106cb
SHA256 4ca5ed8d0d1fcc84349cf03ce8157e0727f6bc31cb93649c75565730542ba85a
CRC32 003E0A23
ssdeep 98304:GtXzxJ+uYdXyw8YDFb/smHOteMy0gXc0pSi5H+nYqwEomKfHMACl2h/Xg:Gz5Y1yCtsQ0gXc0U8enYqXTEMpiY
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
section Q4UUVQFN
section .0Dev
section .rdata virtual_address 0x00378000 virtual_size 0x000319e2 size_of_data 0x00031a00 entropy 6.975917332010297 description A section with a high entropy has been found
section .pdata virtual_address 0x003c3000 virtual_size 0x00003744 size_of_data 0x00003800 entropy 7.6387221544897494 description A section with a high entropy has been found
section Q4UUVQFN virtual_address 0x003c8000 virtual_size 0x00000498 size_of_data 0x00000600 entropy 7.040379734534859 description A section with a high entropy has been found
section Q4UUVQFN virtual_address 0x003c9000 virtual_size 0x00000b00 size_of_data 0x00000c00 entropy 7.249027895395683 description A section with a high entropy has been found
section Q4UUVQFN virtual_address 0x0048e000 virtual_size 0x001954ac size_of_data 0x00195600 entropy 7.644280475541753 description A section with a high entropy has been found
section Q4UUVQFN virtual_address 0x00625000 virtual_size 0x0018c2e4 size_of_data 0x0018c400 entropy 7.726256540583334 description A section with a high entropy has been found
entropy 0.435864790884 description Overall entropy of this PE file is high
MicroWorld-eScan Gen:Variant.Lazy.345052
Cylance unsafe
Cybereason malicious.9a2f1b
Arcabit Trojan.Lazy.D543DC
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win64/Kryptik_AGen.HS
APEX Malicious
BitDefender Gen:Variant.Lazy.345052
Avast Win64:CrypterX-gen [Trj]
Emsisoft Gen:Variant.Lazy.345052 (B)
FireEye Generic.mg.114802905a97d791
Sophos Generic ML PUA (PUA)
Gridinsoft Trojan.Heur!.02012023
GData Gen:Variant.Lazy.345052
Cynet Malicious (score: 100)
MAX malware (ai score=81)
MaxSecure Trojan.Malware.300983.susgen
AVG Win64:CrypterX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_60% (D)