Summary | ZeroBOX

11.sfx.exe

Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started July 19, 2023, 3:32 p.m.
Completed July 19, 2023, 3:34 p.m.
Size 630.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1ac19ec30a52e2b8c80bd93f8aab003a
SHA256 2fedc32b81844ab97710225242d95e3c731926353a572263c074b51f0b8db1ee
CRC32 51B6B560
ssdeep 12288:+ToPWBv/cpGrU3yDT+tjIjg1vvRDLuyZSwdLe77YlQJ7fdbg:+TbBv5rUlI09vRBZM77rld8
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.
Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
section .didat
resource name PNG
file C:\Windows\Temp\11.exe
file C:\Windows\Temp\11.exe
section .rsrc (size_of_data 0x0000e200, virtual_address 0x00064000, virtual_size 0x0000e050, entropy 6.802173495258792) entropy 6.80217349526 description A section with a high entropy has been found
Bkav W32.AIDetectMalware
MicroWorld-eScan Zum.Razy.1
FireEye Generic.mg.1ac19ec30a52e2b8
Malwarebytes MachineLearning/Anomalous.95%
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005690671 )
K7GW Trojan ( 005690671 )
Arcabit Zum.Razy.1
Cyren W32/S-1b09bef6!Eldorado
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Malware.Fugrafa-9938779-0
Kaspersky VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender Zum.Razy.1
Sophos Generic ML PUA (PUA)
VIPRE Zum.Razy.1
McAfee-GW-Edition BehavesLike.Win32.Lockbit.jc
Emsisoft Zum.Razy.1 (B)
Ikarus Trojan-Banker.UrSnif
Gridinsoft Ransom.Win32.STOP.dg!n
Microsoft Trojan:Win32/Redline.GNH!MTB
ZoneAlarm VHO:Trojan-Ransom.Win32.Convagent.gen
GData Zum.Razy.1
Google Detected
Acronis suspicious
ALYac Zum.Razy.1
MAX malware (ai score=84)
Rising Trojan.Kryptik!1.B663 (CLASSIC)
SentinelOne Static AI - Malicious SFX
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_60% (D)