Summary | ZeroBOX

vulcancontrol.exe

Malicious Packer Malicious Library UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started May 25, 2023, 9:28 a.m.
Completed May 25, 2023, 9:35 a.m.
Size 25.9MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 4482bb2674adc80b247a13e6901d6945
SHA256 fe9ba02801cb37e7d2cf6a61f705eca55d9f442d91e3c880aaaf782724aa0559
CRC32 A27FE286
ssdeep 393216:7FkkzYdVnfo+nvyzamYwCJwGBvy0/JhkWFI+aui9lrL2d6:7e/lnvaaJwGZyChp2+olrLO
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .rafa0
section .symtab
section .rafa1
section .rafa2
section .rafa3
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/ClipBanker.AJ
Avast Win64:Evo-gen [Trj]
Google Detected
Ikarus Trojan.Win64.Meterpreter
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
section .rafa0 virtual_address 0x00449000 virtual_size 0x0000889e size_of_data 0x00008a00 entropy 7.962231138332092 description A section with a high entropy has been found
section .rafa1 virtual_address 0x00453000 virtual_size 0x00b243d4 size_of_data 0x00b24400 entropy 7.402233657268428 description A section with a high entropy has been found
section .rafa3 virtual_address 0x00f79000 virtual_size 0x00ab7a48 size_of_data 0x00ab7c00 entropy 7.384538436450801 description A section with a high entropy has been found
entropy 0.844085920292 description Overall entropy of this PE file is high