Summary | ZeroBOX

setup.exe

Malicious Library, UPX, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: June 20, 2023, 7:29 a.m.
Completed: June 20, 2023, 7:44 a.m.
Size: 307.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 9a97e9f36c856d7660f1dedd940a7527
SHA256: 60da6ce55330f4f38e98b39bf07cf75fdabd80296429f1538c48d5df499d48d2
CRC32: C1D41B51
ssdeep: 6144:XNoiqOcq/PdQPkZEWFEnuAktCN+OKW0w6wErska8MqvmEZm:XNd5ca6kKZnHyC8OKW0w6TskvV
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .hifiyo
resource name AFX_DIALOG_LAYOUT
resource name BUF
resource name MOJEJALIJICUROHOGOFI
resource name RUHALEDUTEKEREZ
resource name ZADOPARISANIPANECUR
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 159744
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00790000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 1800
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
section .data (size_of_data 0x00027600, virtual_address 0x00015000, virtual_size 0x0027ebb8, entropy 7.923615727515267) description A section with a high entropy has been found
entropy 0.514705882353 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.GCleaner.4!c
DrWeb Trojan.Inject4.58386
FireEye Generic.mg.9a97e9f36c856d76
McAfee Artemis!9A97E9F36C85
Malwarebytes Trojan.MalPack.GS
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a60081 )
Alibaba Malware:Win32/km_24afa.None
K7GW Trojan ( 005a60081 )
Cybereason malicious.25c740
Symantec Packed.Generic.528
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HTVU
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
Avast CrypterX-gen [Trj]
Tencent Trojan.Win32.Obfuscated.gen
TrendMicro Trojan.Win32.AMADEY.YXDFTZ
McAfee-GW-Edition BehavesLike.Win32.Lockbit.fc
Trapmine malicious.high.ml.score
Sophos Troj/Krypt-WE
Ikarus Win32.Outbreak
Gridinsoft Malware.Win32.Gen.bot
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan.Win32.Zenpak.gen
GData Win32.Trojan.GleaMal.1XBHYF
Google Detected
AhnLab-V3 Trojan/Win.SmokeLoader.R587217
Acronis suspicious
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXDFTZ
Rising Trojan.SmokeLoader!1.E66C (CLASSIC)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG CrypterX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)