popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

trust.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us May 30, 2023, 5:11 p.m. May 30, 2023, 5:21 p.m.
Size 274.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1f95b8c2dc09a84f6a9fe6f74dbf7d96
SHA256 9892c10b94bbb90688cdc3dd6d51f3343b9cc19069fa4c1fe3594600a3d03330
CRC32 D2B27114
ssdeep 3072:pD8qOVO6HzqC1fCwNQrRLwY8xzIbbTDnxG5JU1DAY2L0a5M6:F8qOVOjtwNQrRLwY8x8bbTD0Oa5
PDB Path C:\zezacuxe31 satixonit16\jir.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\zezacuxe31 satixonit16\jir.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 86016
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0080c000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1156
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00330000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00026000', u'virtual_address': u'0x00001000', u'entropy': 7.624498807278681, u'name': u'.text', u'virtual_size': u'0x00025fae'} entropy 7.62449880728 description A section with a high entropy has been found
entropy 0.556776556777 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
McAfee Artemis!1F95B8C2DC09
Malwarebytes Generic.Malware/Suspicious
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
K7GW Trojan ( 00516fdf1 )
Cybereason malicious.596e43
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win32:DropperX-gen [Drp]
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dh
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.1f95b8c2dc09a84f
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Gridinsoft Ransom.Win32.STOP.dg!n
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Ransom:Win32/StopCrypt.SL!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5397385
Acronis suspicious
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:G9P1wnYposaofFJ4p8r26Q)
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)