Summary | ZeroBOX


Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6401
Started: May 29, 2023, 1:42 p.m.
Completed: May 29, 2023, 1:42 p.m.
Size: 339.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 64806167a0e3b3d2b5bb3bd4d1b32f17
SHA256: 32279c5b0f9a949784e0a7b86aa92c0870cc85d7fa8f12312ea77420dc408931
CRC32: A3B219C1
ssdeep: 3072:pHvLA5tMF+rvZlMyu2TakqF5fw8zwHb0UN8o1mvQt1vb2GFqH5ZQwKqpQ:lvLAo4vZlMo4Zw8zFUZVHvb2GwvKqO
PDB Path: C:\newibifemeya.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts contacted (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\newibifemeya.pdb
section: .text (virtual_address 0x00001000, virtual_size 0x00036382, size_of_data 0x00036400, entropy 7.787799929844164); description: A section with a high entropy has been found
entropy: 0.64106351551; description: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
FireEye Generic.mg.64806167a0e3b3d2
CAT-QuickHeal Ransom.Stop.P5
Malwarebytes MachineLearning/Anomalous.94%
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
K7GW Riskware ( 00584baa1 )
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky UDS:Trojan-Spy.Win32.Stealer.gen
Avast RansomX-gen [Ransom]
McAfee-GW-Edition BehavesLike.Win32.Corrupt.fh
Trapmine suspicious.low.ml.score
Sophos ML/PE-A
SentinelOne Static AI - Suspicious PE
Google Detected
Gridinsoft Ransom.Win32.STOP.dg!n
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm UDS:Trojan-Spy.Win32.Stealer.gen
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5397363
Acronis suspicious
McAfee Artemis!64806167A0E3
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:91I4hYpH9K0AgqO2SY20kw)
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
AVG RansomX-gen [Ransom]
Cybereason malicious.8a54fd
DeepInstinct MALICIOUS