popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

IE_NET.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 May 26, 2023, 5:44 p.m. May 26, 2023, 5:46 p.m.
Size 272.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a02d63d3aa1793aca12ed3d79ac4870c
SHA256 0cb284664631d64d2aceb8868ecee06302e406476ad7893d07eca2efa33bb1b9
CRC32 6AD1BBAD
ssdeep 6144:zGs1VQJDouMcMoR84oamnK5MN8/ZXm2LBr:ztQBoNcMZTasK5MN893
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 73728
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0079c000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.469633
FireEye Generic.mg.a02d63d3aa1793ac
CAT-QuickHeal Ransom.Stop.P5
McAfee Artemis!A02D63D3AA17
Malwarebytes Trojan.MalPack.GS
Sangfor Virus.Win32.Save.a
Arcabit Trojan.Zusy.D72A81
Cyren W32/Kryptik.JWF.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HTQA
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Backdoor.Win32.Mokes.gen
BitDefender Gen:Variant.Zusy.469633
Avast Win32:RansomX-gen [Ransom]
Tencent Win32.Backdoor.Mokes.Bdhl
Emsisoft Gen:Variant.Zusy.469633 (B)
DrWeb Trojan.Siggen20.56562
VIPRE Gen:Variant.Zusy.469633
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dh
Trapmine malicious.high.ml.score
Sophos ML/PE-A
Ikarus Trojan.Win32
Antiy-AVL Trojan[Backdoor]/Win32.Mokes
Gridinsoft Ransom.Win32.STOP.dg!n
Microsoft Ransom:Win32/StopCrypt.MCZ!MTB
ZoneAlarm HEUR:Backdoor.Win32.Mokes.gen
GData Gen:Variant.Zusy.469633
Google Detected
AhnLab-V3 Trojan/Win.Generic.R581409
VBA32 Malware-Cryptor.2LA.gen
MAX malware (ai score=80)
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:PDepYyMeozIkVyOMMNqqDA)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HTQA!tr
AVG Win32:RansomX-gen [Ransom]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)