Summary | ZeroBOX

KLIPE.exe

MPRESS UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 16, 2023, 4:59 p.m.
Completed June 16, 2023, 5:01 p.m.
Size 4.4MB
Type MS-DOS executable, MZ for MS-DOS
MD5 af6e384dfabdad52d43cf8429ad8779c
SHA256 f327c2b5ab1d98f0382a35cd78f694d487c74a7290f1ff7be53f42e23021e599
CRC32 602DAC91
ssdeep 98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
Yara
  • UPX_Zero - UPX packed file
  • MPRESS_Zero - MPRESS packed file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
status: 1 return: 1 repeated: 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: SUCCESS: The scheduled task "Telemetry Logging" has successfully been created.
console_handle: 0x00000007
status: 1 return: 1 repeated: 0
section .MPRESS1
section .MPRESS2
resource name PNG
resource name STYLE_XML
resource name SVG
resource name None
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2660
thread_handle: 0x000000ac
process_identifier: 2656
current_directory:
filepath: C:\Windows\System32\schtasks.exe
track: 1
command_line: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
filepath_r: C:\Windows\System32\schtasks.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x000000b0
status: 1 return: 1 repeated: 0
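The CreateProcessInternalW record above is the persistence step: schtasks.exe is launched without a console window and registers a task that re-runs an executable from the user's roaming profile every minute. The following is an added example, not code from the ZeroBOX report or its sandbox, showing how a triage rule over such a record can be written: it parses the schtasks argument list and flags the properties a responder would key on (minute-level trigger, action under a user-writable path, an .exe inside %APPDATA%\Microsoft\Protect, which normally holds only DPAPI master-key files, a task name that imitates an OS component, /F overwrite, and CREATE_NO_WINDOW). The SAMPLE dict is built from the report's own values; the BENIGN control record, the switch list, the regexes and the thresholds are constructed for the example.

```python
import re

# Constructed input: the CreateProcessInternalW record from the report above, plus a
# benign control record (not from the report) used to show that ordinary tasks stay quiet.
SAMPLE = {
    "filepath": r"C:\Windows\System32\schtasks.exe",
    "command_line": (r'/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" '
                     r'/tr "C:\Users\test22\AppData\Roaming\Microsoft\Protect\oobeldr.exe"'),
    "creation_flags": 134217728,          # CREATE_NO_WINDOW, as logged by the sandbox
}
BENIGN = {
    "filepath": r"C:\Windows\System32\schtasks.exe",
    "command_line": r'/create /sc daily /st 02:00 /tn "Nightly Backup" /tr "C:\Program Files\BackupTool\backup.exe"',
    "creation_flags": 0,
}

CREATE_NO_WINDOW = 0x08000000
# schtasks switches that consume the following token as their value (subset, assumption for the demo)
VALUE_SWITCHES = {"/sc", "/mo", "/tn", "/tr", "/ru", "/rp", "/st", "/sd", "/rl", "/d", "/m"}
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents|temp)\\", re.I)
DPAPI_DIR = re.compile(r"\\microsoft\\protect\\", re.I)
OS_LOOKALIKE = re.compile(r"telemetry|update|security|windows|microsoft|defender|logging", re.I)


def tokenize(cmdline):
    """Split a Windows command line, keeping quoted arguments whole and dropping the quotes."""
    return [quoted or plain for quoted, plain in TOKEN_RE.findall(cmdline)]


def parse_schtasks(cmdline):
    """Return (options, flags): options maps value-taking switches (lower-cased) to their
    argument; flags is the set of bare switches such as /create or /f."""
    toks = tokenize(cmdline)
    opts, flags = {}, set()
    i = 0
    while i < len(toks):
        sw = toks[i].lower()
        if sw in VALUE_SWITCHES and i + 1 < len(toks):
            opts[sw] = toks[i + 1]
            i += 2
        else:
            flags.add(sw)
            i += 1
    return opts, flags


def triage_schtasks(record):
    """Return a list of findings for one process-creation record (empty when nothing looks off)."""
    findings = []
    if not record["filepath"].lower().endswith("\\schtasks.exe"):
        return findings
    opts, flags = parse_schtasks(record["command_line"])
    if "/create" not in flags:
        return findings
    sc, mo = opts.get("/sc", "").lower(), opts.get("/mo", "")
    if sc == "minute" and mo.isdigit() and int(mo) <= 5:
        findings.append(f"high-frequency trigger: every {mo} minute(s)")
    tr = opts.get("/tr", "")
    if USER_WRITABLE.search(tr):
        findings.append(f"task action lives in a user-writable profile path: {tr}")
    if DPAPI_DIR.search(tr) and tr.lower().endswith(".exe"):
        findings.append("executable placed in the DPAPI master-key directory (%APPDATA%\\Microsoft\\Protect)")
    tn = opts.get("/tn", "")
    if OS_LOOKALIKE.search(tn):
        findings.append(f"task name imitates an OS component: {tn!r}")
    if "/f" in flags:
        findings.append("/F silently overwrites any existing task with the same name")
    if record.get("creation_flags", 0) & CREATE_NO_WINDOW:
        findings.append("schtasks started with CREATE_NO_WINDOW (no visible console)")
    return findings


if __name__ == "__main__":
    for finding in triage_schtasks(SAMPLE):
        print("-", finding)
    print("benign record findings:", triage_schtasks(BENIGN))
```

On a live host the same checks can be run against the registered task itself (the XML under C:\Windows\System32\Tasks\ or the output of schtasks /query /xml) rather than the creation command line, which is the more durable artefact once the dropper has exited.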
section .MPRESS1 virtual_address 0x00001000 virtual_size 0x00777000 size_of_data 0x003f8200 entropy 7.99996161348 description A section with a high entropy has been found
entropy 0.913370786517 description Overall entropy of this PE file is high
cmdline /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
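The two entropy lines above come from the sandbox's packer signature. The per-section value (7.99996 bits per byte on .MPRESS1) is Shannon entropy over the section's raw file bytes; the "overall entropy" of 0.9134 is not on that 0-8 scale. In the Cuckoo community signature whose wording this report matches, it is the share of section bytes that belong to sections scoring above 6.8, and 0x003f8200 / 0.91337 comes to 0x458800 bytes of total section data, consistent with the 4.4MB file. Note also that .MPRESS1 is 0x3f8200 bytes on disk but 0x777000 bytes in memory: the compressed image is expanded into that page-aligned space at runtime, so the unpacked code is only visible in a memory dump, not in the file. The following is an added, stdlib-only example (not code from ZeroBOX or Cuckoo) that walks a PE section table, computes both numbers and reproduces the signature's logic; the 6.8 and 0.2 thresholds follow that signature, while the build_pe helper, the sample section contents and the section names other than .MPRESS1 are constructed for the demo.

```python
import math
import random
import struct

HIGH_ENTROPY_SECTION = 6.8   # per-section threshold used by Cuckoo's packer_entropy signature
PACKED_RATIO = 0.2           # share of section bytes above which the "overall" line is emitted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(blob: bytes):
    """Walk the section table of a PE image and return one dict per section, with the
    entropy computed over the section's raw file data (SizeOfRawData bytes)."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", blob, 0x3C)            # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", blob, pe_off + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", blob, pe_off + 20)    # COFF SizeOfOptionalHeader
    off = pe_off + 24 + opt_size                                 # first IMAGE_SECTION_HEADER
    sections = []
    for _ in range(n_sections):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", blob, off)
        data = blob[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize,
            "size_of_data": len(data), "entropy": shannon_entropy(data),
        })
        off += 40
    return sections


def packed_ratio(sections) -> float:
    """Fraction of section bytes sitting in high-entropy sections (the report's "overall entropy")."""
    total = sum(s["size_of_data"] for s in sections)
    high = sum(s["size_of_data"] for s in sections if s["entropy"] > HIGH_ENTROPY_SECTION)
    return high / total if total else 0.0


def build_pe(sections) -> bytes:
    """Assemble a minimal, non-runnable PE file from (name, data) pairs, for the demo only.
    Data lengths are multiples of the 0x200 file alignment so no zero padding skews entropy."""
    n = len(sections)
    pe_off = 0x40
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    # "PE\0\0" + COFF header: i386, n sections, no optional header, EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<IHHIIIHH", 0x4550, 0x14C, n, 0, 0, 0, 0, 0x0102)
    raw_ptr = (pe_off + 24 + 40 * n + 0x1FF) & ~0x1FF
    hdr_end = raw_ptr
    va, headers, body = 0x1000, b"", b""
    for name, data in sections:
        rsize = (len(data) + 0x1FF) & ~0x1FF
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, rsize, raw_ptr,
                               0, 0, 0, 0, 0x60000020)          # CODE | EXECUTE | READ
        body += data.ljust(rsize, b"\0")
        raw_ptr += rsize
        va += (len(data) + 0xFFF) & ~0xFFF
    return (bytes(dos) + coff + headers).ljust(hdr_end, b"\0") + body


# Constructed sample image: a compressed-looking section, a zero-filled one and a low-variety one.
_rng = random.Random(1)
SAMPLE_SECTIONS = [
    (".MPRESS1", bytes(_rng.getrandbits(8) for _ in range(8192))),
    (".zeros", b"\0" * 2048),
    (".abcd", b"ABCD" * 512),
]
SAMPLE_PE = build_pe(SAMPLE_SECTIONS)

if __name__ == "__main__":
    secs = pe_sections(SAMPLE_PE)
    for s in secs:
        print(f"{s['name']:<10} va=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:08x} entropy={s['entropy']:.4f}")
    print(f"high-entropy share = {packed_ratio(secs):.3f} (signature fires if > {PACKED_RATIO})")
```

Run pe_sections on a real sample by passing the file's bytes; the entropy value alone does not distinguish a packer from encrypted or compressed resources, so it is a pointer to unpack (or dump after the MPRESS stub has run), not a verdict.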
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Tasker.1g!c
MicroWorld-eScan Trojan.GenericKD.67384538
CAT-QuickHeal Trojan.Tasker
McAfee Artemis!AF6E384DFABD
Malwarebytes Crypt.Trojan.MSIL.DDS
VIPRE Trojan.GenericKD.67384538
Sangfor Trojan.Win32.Kryptik.Vepr
K7AntiVirus Trojan ( 005a6a451 )
Alibaba Trojan:Win64/GenKryptik.bad94b3f
K7GW Trojan ( 005a6a451 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaF.36250.@pvaauVb5Xf
Cyren W32/ABRisk.IMFB-1778
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.GKGU
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky Trojan.Win32.Tasker.azjz
BitDefender Trojan.GenericKD.67384538
NANO-Antivirus Trojan.Win32.Tasker.jwmnde
Avast Win32:Malware-gen
Rising Dropper.Addrop!8.11F (TFE:5:vt5tArsod5K)
Emsisoft Trojan.GenericKD.67384538 (B)
F-Secure Heuristic.HEUR/AGEN.1304053
DrWeb Trojan.MulDrop22.13627
TrendMicro TROJ_GEN.R002C0XF723
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
FireEye Trojan.GenericKD.67384538
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Crypt
Avira HEUR/AGEN.1304053
Antiy-AVL Trojan/Win64.GenKryptik
Microsoft Trojan:Win32/Wacatac.B!ml
Gridinsoft Trojan.Win32.Kryptik.cl
Arcabit Trojan.Generic.D40434DA
ZoneAlarm Trojan.Win32.Tasker.azjz
GData Trojan.GenericKD.67384538
Google Detected
VBA32 Trojan.Downloader
ALYac Trojan.GenericKD.67384538
MAX malware (ai score=100)
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XF723
Tencent Malware.Win32.Gencirc.13c9fe3d
Yandex Trojan.GenKryptik!ZBnuSVhJO/k
MaxSecure Trojan.Malware.209836116.susgen