Summary | ZeroBOX

3.exe

Schwerer UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 21, 2023, 3:51 p.m.
Completed June 21, 2023, 3:55 p.m.
Size 1.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 68749e1f05472d28f9aead6c393da9d2
SHA256 811e59085cb487f0a0f3804b6fb051209d09f31485c6261511c76ae1aef140c9
CRC32 23547451
ssdeep 24576:chloDX0XOf4lLZPs02mOReGh1kLbkZEFK0gmJBphnYf0sO:chloJf6FFOek1kH2EFK0gsBDf
Yara
  • UPX_Zero - UPX packed file
  • Schwerer_IN - Schwerer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup): no hosts contacted.
Hosts (IP Address / Status / Action): no hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA
  computer_name: TEST22-PC
  Status 1  Return 1  Repeated 0

IsDebuggerPresent
  Status Return Repeated: 0 0

GlobalMemoryStatusEx
  Status 1  Return 1  Repeated 0

NtProtectVirtualMemory
  process_identifier: 2556
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73352000
  process_handle: 0xffffffff (the current-process pseudo-handle, so the page is made RWX inside the sample's own process)
  Status 1  Return 0  Repeated 0

GetDiskFreeSpaceW (three calls logged with identical arguments)
  number_of_free_clusters: 8362495
  sectors_per_cluster: 8362495
  bytes_per_sector: 512
  root_path: C:
  total_number_of_clusters: 8362495
  Status 1  Return 1  Repeated 0
Browser credential stores accessed. The same two SQLite files, Login Data (saved passwords) and Web Data (autofill), are probed in every subdirectory under Chrome's User Data, not only Default; Local State holds the DPAPI-wrapped key that Chrome 80 and later uses to encrypt the password blobs in Login Data, so reading it alongside Login Data is what a decryptor needs:
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-wal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-wal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Roaming\Opera\Opera\wand.dat
file C:\Users\test22\AppData\Roaming\Opera\Opera7\profile\wand.dat
file C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
Executables dropped into the user's Temp directory and the command lines that ran them. /stext <file> is the NirSoft command-line switch that writes a tool's recovered passwords to a plain-text file, which is consistent with the ESET PSWTool.MailPassView detection below:
file C:\Users\test22\AppData\Local\Temp\B.exe
file C:\Users\test22\AppData\Local\Temp\A.exe
cmdline C:\Windows\system32\cmd.exe /c B.exe /stext B.txt
cmdline C:\Windows\system32\cmd.exe /c A.exe /stext A.txt
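The dropper pattern above (an executable written to %TEMP%, then launched through cmd.exe with a /stext save switch) is easy to express as process-creation detection logic. The following is an added example, not ZeroBOX code: it runs a few rules over constructed Sysmon Event ID 1-style events. The field names (pid, image, parent_image, cmdline), the event sample and the assumption that 3.exe itself sat in %TEMP% are this example's own.

```python
# Added example (not ZeroBOX code): detection logic for the Temp-dropper /
# /stext pattern over constructed process-creation events. Field names, the
# sample events and the %TEMP% location of 3.exe are assumptions.
import re
from dataclasses import dataclass

# NirSoft command-line tools write recovered data to a file with /stext,
# /shtml, /sxml, /scomma or /stab; the report only shows /stext.
SAVE_SWITCH_RE = re.compile(r"(?:^|\s)/s(?:text|html|xml|comma|tab)\b", re.I)
USER_TEMP_EXE_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.I)

@dataclass
class Alert:
    pid: int
    rule: str
    severity: str
    detail: str

def detect(events) -> list:
    """Score each event on its own; cross-event correlation happens in verdict()."""
    alerts = []
    for e in events:
        cmd, image, parent = e["cmdline"], e["image"], e.get("parent_image", "")
        m = SAVE_SWITCH_RE.search(cmd)
        if m:
            alerts.append(Alert(e["pid"], "nirsoft_save_switch", "high",
                                f"{m.group(0).strip()} in: {cmd}"))
        if USER_TEMP_EXE_RE.search(image):
            alerts.append(Alert(e["pid"], "exe_from_user_temp", "medium", image))
        if image.lower().endswith("\\cmd.exe") and USER_TEMP_EXE_RE.search(parent):
            alerts.append(Alert(e["pid"], "cmd_spawned_by_temp_exe", "medium", parent))
    return alerts

def verdict(alerts) -> str:
    """Combine rule hits into one triage label (thresholds are this example's choice)."""
    rules = {a.rule for a in alerts}
    if {"nirsoft_save_switch", "exe_from_user_temp"} <= rules:
        return "password-dump tooling dropped to Temp and executed"
    if "nirsoft_save_switch" in rules:
        return "password-recovery tool run with a save-to-file switch"
    if rules:
        return "suspicious, needs review"
    return "no match"

TEMP = r"C:\Users\test22\AppData\Local\Temp"
EVENTS = [  # constructed; mirrors the cmdline/file entries in the report
    {"pid": 2556, "image": rf"{TEMP}\3.exe", "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": rf'"{TEMP}\3.exe"'},
    {"pid": 2600, "image": r"C:\Windows\System32\cmd.exe", "parent_image": rf"{TEMP}\3.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c B.exe /stext B.txt"},
    {"pid": 2612, "image": rf"{TEMP}\B.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "B.exe /stext B.txt"},
    {"pid": 2640, "image": r"C:\Windows\System32\cmd.exe", "parent_image": rf"{TEMP}\3.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c A.exe /stext A.txt"},
    # benign look-alikes: "/s" as a dir switch, and "stext" without the slash
    {"pid": 3000, "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"cmd.exe /c dir /s C:\Temp > out.txt"},
    {"pid": 3001, "image": r"C:\Program Files\7-Zip\7z.exe", "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"7z.exe a logs.7z stext.txt"},
]

if __name__ == "__main__":
    found = detect(EVENTS)
    for a in found:
        print(f"pid {a.pid:<5} {a.severity:<6} {a.rule:<24} {a.detail}")
    print("verdict:", verdict(found))
```

The switch regex anchors on the leading slash and a word boundary, so `dir /s` and a file merely named `stext.txt` do not fire; the Temp rule keys on the image path rather than the command line because the report's command lines use bare names (`B.exe`) that only resolve to Temp through the working directory.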
Packer and entropy indicators:
section UPX1: virtual_address 0x00130000, virtual_size 0x00055000, size_of_data 0x00054800, entropy 7.937 (a section with a high entropy has been found)
section .rsrc: virtual_address 0x00185000, virtual_size 0x000ad000, size_of_data 0x000ac800, entropy 7.995 (a section with a high entropy has been found)
entropy 1.0: overall entropy of this PE file is high
section UPX0: section name indicates UPX
section UPX1: section name indicates UPX
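The three packer signals in the report (a high-entropy section, high overall entropy, and section names that identify UPX) come straight from the PE section table. The following is an added example, not ZeroBOX code: it walks that table with struct, computes Shannon entropy per section, and re-derives the same signals over a constructed PE32 image laid out like the report's (empty UPX0, packed UPX1, packed .rsrc). The 7.0 bits-per-byte threshold, the UPX name set, the normalisation of "overall entropy" as the share of raw bytes in high-entropy sections, and the sample image are this example's assumptions; the real 3.exe is not embedded.

```python
# Added example (not ZeroBOX code): re-derive the report's entropy/UPX signals by
# parsing the PE section table. Thresholds, the UPX name set, the "overall"
# normalisation and the constructed sample image are assumptions.
import math
import struct
from collections import Counter
from dataclasses import dataclass

HIGH_ENTROPY = 7.0                      # assumption: bits/byte above which a section counts as packed
UPX_NAMES = {"UPX0", "UPX1", "UPX2"}    # default section names written by UPX

@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw: bytes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_sections(pe: bytes) -> list:
    """Minimal IMAGE_SECTION_HEADER walk (ignores imports, relocations and overlay)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)       # IMAGE_FILE_HEADER.NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    first = e_lfanew + 24 + opt_size                         # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, first + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, raw))
    return sections

def assess(pe: bytes) -> dict:
    """Emit (section, signal, value) tuples mirroring the report's entropy/UPX lines."""
    findings, high_bytes, total_bytes = [], 0, 0
    for s in parse_sections(pe):
        ent = shannon_entropy(s.raw)
        total_bytes += len(s.raw)
        if ent >= HIGH_ENTROPY:
            high_bytes += len(s.raw)
            findings.append((s.name, "high-entropy section", round(ent, 3)))
        if s.name in UPX_NAMES:
            findings.append((s.name, "section name indicates UPX", None))
    overall = high_bytes / total_bytes if total_bytes else 0.0
    if overall >= 0.5:                  # assumption: half or more of the raw data is packed
        findings.append(("*", "overall entropy high", round(overall, 3)))
    return {"findings": findings, "overall": overall}

def build_fake_pe(sections) -> bytes:
    """Constructed PE32 image: DOS stub, PE/COFF headers, zeroed optional header, aligned raw data."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    table_end = e_lfanew + 24 + opt_size + 40 * len(sections)
    ptr = -(-table_end // align) * align            # first raw-data offset, file-aligned
    table, body = bytearray(), bytearray()
    for name, vaddr, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0)
        padded = raw.ljust(-(-len(raw) // align) * align, b"\0")
        body += padded
        ptr += len(padded)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")   # PE32 magic, remainder zeroed
    headers = (dos + coff + opt + table).ljust(-(-table_end // align) * align, b"\0")
    return headers + bytes(body)

def lcg_bytes(n: int, seed: int = 0x1234) -> bytes:
    """Deterministic pseudo-random filler standing in for compressed data."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)

# Constructed layout echoing the report: empty UPX0, packed UPX1, packed .rsrc.
SAMPLE_PE = build_fake_pe([
    ("UPX0", 0x1000, 0x12F000, b""),
    ("UPX1", 0x130000, 0x55000, lcg_bytes(0x4000)),
    (".rsrc", 0x185000, 0xAD000, lcg_bytes(0x2000, seed=99)),
])
```

Running `assess(SAMPLE_PE)` reproduces the report's shape: UPX0 has no raw data (UPX reserves it as the unpacking destination), so it contributes only the name signal, while UPX1 and .rsrc carry all the bytes and both sit near 8 bits/byte, which is why the overall value lands at 1.0. A section named something innocuous with the same entropy would still trip the first two checks, so name matching is a convenience, not the detection.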
Registry locations where mail and messaging clients store account settings and credentials (the usual targets of a mail password-recovery tool):
registry HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
registry HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
registry HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
registry HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird
Antivirus results (vendor, detection name)

Bkav W32.AIDetectMalware
Elastic malicious (moderate confidence)
MicroWorld-eScan AIT:Trojan.Nymeria.4261
FireEye Generic.mg.68749e1f05472d28
Cylance unsafe
VIPRE AIT:Trojan.Nymeria.4261
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Arcabit AIT:Trojan.Nymeria.D10A5 [many]
Cyren W32/AutoIt.VB.gen!Eldorado
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/PSWTool.MailPassView.E potentially unsafe
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender AIT:Trojan.Nymeria.4261
Tencent Malware.Win32.Gencirc.11aa7228
Sophos Generic ML PUA (PUA)
F-Secure Dropper.DR/AutoIt.Gen8
McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.tc
Trapmine malicious.high.ml.score
Emsisoft AIT:Trojan.Nymeria.4261 (B)
Ikarus Trojan.Autoit
Avira DR/AutoIt.Gen8
Antiy-AVL GrayWare/MSIL.Kryptik.enu
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData AIT:Trojan.Nymeria.4261 (3x)
Google Detected
ALYac AIT:Trojan.Nymeria.4261
MAX malware (ai score=85)
Malwarebytes Malware.AI.4248435701
Rising Trojan.Generic@AI.91 (RDML:czcnGeSvfpBnZAqN760VYg)
Cybereason malicious.f05472
DeepInstinct MALICIOUS