Summary | ZeroBOX

patlak.exe

Tags: UPX, PE32, PE File

Category: FILE
Machine: s1_win7_x6401
Started: June 14, 2023, 9:30 a.m.
Completed: June 14, 2023, 9:37 a.m.

Size: 540.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 46003a917927235059d68042c451a6ca
SHA256: 4d20cc81fe3369624b78b05419fea8efdf9f147fa13ff541561ae4298b3c5ad8
CRC32: 5DD87929
ssdeep: 12288:WioEcxmEeHrkc/hopGjiZdJiCb8jSjSbgDW/zmquIuG:WREBEeHrkcWpamECo+jLDW/Kni
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

__exception__

stacktrace: (empty)
exception.instruction_r: 00 67 00 75 00 6d 00 65 00 6e 00 74 00 73 00 00
exception.symbol: patlak+0x15549
exception.instruction: add byte ptr [edi], ah
exception.module: patlak.exe
exception.exception_code: 0xc0000005
exception.offset: 87369
exception.address: 0x415549
registers.esp: 1636464
registers.edi: 1971678522
registers.eax: 2382339840
registers.ebp: 51184804
registers.edx: 2130566132
registers.ebx: 1636544
registers.esi: 6007041
registers.ecx: 2560
Status: 1  Return: 0  Repeated: 0
NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00330000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
Signature: A section with a high entropy has been found
  section: .text (virtual_address 0x00001000, virtual_size 0x00019fa8, size_of_data 0x0001a000, entropy 6.821174539732648)
Signature: Overall entropy of this PE file is high
  entropy: 0.928571428571
buffer: Buffer with sha1: 09a4f3776beec99ccdb6260c5e48a5eab5c8244b
Antivirus Detections (Vendor: Result)

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
Sangfor: Suspicious.Win32.Save.vb
Alibaba: Trojan:Win32/Injector.63267fca
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.CLZC
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:DangerousObject.Multi.Generic
Avast: Win32:RATX-gen [Trj]
F-Secure: Trojan.TR/Dropper.Gen
McAfee-GW-Edition: BehavesLike.Win32.Trojan.hc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.46003a9179272350
Sophos: Mal/VB-FD
SentinelOne: Static AI - Malicious PE
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Gridinsoft: Trojan.Win32.Remcos.bot
Microsoft: Trojan:Win32/Casdet!rfn
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Win32.Trojan.Agent.45GXW9
Google: Detected
Acronis: suspicious
McAfee: Artemis!46003A917927
Cylance: unsafe
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R014H0CFD23
Rising: Trojan.Injector!8.C4 (CLOUD)
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Injector.DBRX!tr
BitDefenderTheta: AI:Packer.3650088121
AVG: Win32:RATX-gen [Trj]
Cybereason: malicious.42d451
DeepInstinct: MALICIOUS