popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

secmorganzx.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 June 4, 2023, 5:34 p.m. June 4, 2023, 5:38 p.m.
Size 239.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e5cd98442cbc3af8dbc877ecd99a58d2
SHA256 2226d226f5fa9254e215ccb373c6cd203ad2ad325a074d6232afb595cb07c455
CRC32 25CFCD55
ssdeep 3072:plYBD304bU+eRGsWzw8xY2rqqyKcCmBLSzNc4EzxuRZylRmcBvgNCI8MuBKy4:TY+4bUSjwYYTqJcC6Xk6mcBvaCNG
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
77.91.68.62 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x002bc000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00760000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00013a00', u'virtual_address': u'0x00018000', u'entropy': 7.82826798043888, u'name': u'.data', u'virtual_size': u'0x00293028'} entropy 7.82826798044 description A section with a high entropy has been found
entropy 0.329140461216 description Overall entropy of this PE file is high
host 77.91.68.62
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Mokes.4!c
DrWeb Trojan.Packed2.45335
MicroWorld-eScan Gen:Variant.Zusy.470978
ALYac Gen:Variant.Zusy.470978
Malwarebytes Trojan.MalPack.GS
Sangfor Virus.Win32.Save.a
Alibaba Backdoor:Win32/Mokes.0baa17fb
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Zusy.D72FC2
Cyren W32/Kryptik.JYI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Trojan.Zusy-10003616-0
Kaspersky HEUR:Backdoor.Win32.Mokes.gen
BitDefender Gen:Variant.Zusy.470978
Avast Win32:RansomX-gen [Ransom]
Emsisoft Gen:Variant.Zusy.470978 (B)
F-Secure Backdoor.BDS/Mokes.aviys
VIPRE Gen:Variant.Zusy.470978
McAfee-GW-Edition BehavesLike.Win32.VBObfus.dh
Trapmine malicious.high.ml.score
FireEye Generic.mg.e5cd98442cbc3af8
Sophos Troj/Krypt-XU
SentinelOne Static AI - Suspicious PE
Avira BDS/Mokes.aviys
MAX malware (ai score=85)
Antiy-AVL Trojan/MSIL.Agent
Gridinsoft Ransom.Win32.LokiBot.bot
Microsoft PWS:Win32/Primarypass.A
ZoneAlarm HEUR:Backdoor.Win32.Mokes.gen
GData Gen:Variant.Zusy.470978
Google Detected
AhnLab-V3 Ransomware/Win.StopCrypt.R583596
McAfee Artemis!E5CD98442CBC
VBA32 BScope.Backdoor.Tofsee
Cylance unsafe
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_GEN.R002H0CF223
Rising Trojan.Generic@AI.100 (RDML:mIieUxomlLx+MWSQXBU89g)
Ikarus Trojan.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HTSA!tr
AVG Win32:RansomX-gen [Ransom]
Cybereason malicious.42cbc3
DeepInstinct MALICIOUS