Summary | ZeroBOX

w-9.exe

UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: June 5, 2023, 4:46 p.m.
Completed: June 5, 2023, 4:51 p.m.
Size: 3.3MB
Type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5: 2dbc44aae677e2661475da5b2a3aac2e
SHA256: d69e64c8de74690ecfa20fc380712bde67ccd031680b1d08d961273430f5f2e0
CRC32: D7E5DC91
ssdeep: 98304:Mvo4U0Px7IeqqKnDvOw5VtAdZi7Vh2/y:MC2xEbbvj5QdZ2h26
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

WriteConsoleW
  buffer: 2023/06/05 16:46:57 [U-0]
  console_handle: 0x0000000b
  Status: 1  Return: 1  Repeated: 0
packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (size_of_data 0x00352000, virtual_address 0x005f7000, virtual_size 0x00352000, entropy 7.886468030708143): A section with a high entropy has been found
entropy 0.9998529628: Overall entropy of this PE file is high
section UPX0: Section name indicates UPX
section UPX1: Section name indicates UPX
section UPX2: Section name indicates UPX
Time & API / Arguments / Status / Return / Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0036f669
  function_name: wine_get_version
  module: ntdll
  module_address: 0x778a0000
  Return: 3221225785  Repeated: 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Windigo.4!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Gen:Variant.Fragtor.227523
ALYac Gen:Variant.Fragtor.227523
Malwarebytes Trojan.MalPack.GO
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
Alibaba Trojan:Win32/Windigo.bca6f1e2
K7GW Riskware ( 00584baa1 )
Arcabit Trojan.Fragtor.D378C3
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Trojan-Proxy.Win32.Windigo.ce
BitDefender Gen:Variant.Fragtor.227523
Avast Win32:TrojanX-gen [Trj]
Tencent Win32.Trojan-Proxy.Windigo.Wimw
Sophos Mal/Generic-S
F-Secure Trojan.TR/Redcap.bdwfc
VIPRE Gen:Variant.Fragtor.227523
TrendMicro TROJ_GEN.R03BC0XF323
McAfee-GW-Edition BehavesLike.Win32.Generic.wc
FireEye Gen:Variant.Fragtor.227523
Emsisoft Gen:Variant.Fragtor.227523 (B)
Webroot W32.Trojan.Gen
Avira TR/Redcap.bdwfc
MAX malware (ai score=89)
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Gridinsoft Ransom.Win32.Sabsik.cl
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm Trojan-Proxy.Win32.Windigo.ce
GData Gen:Variant.Fragtor.227523
McAfee Artemis!2DBC44AAE677
Cylance unsafe
Panda Trj/RnkBend.A
TrendMicro-HouseCall TROJ_GEN.R03BC0XF323
Rising Trojan.Windigo!8.10C2F (CLOUD)
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)