Summary | ZeroBOX

watchdog.exe

UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: July 19, 2023, 3:32 p.m.
Completed: July 19, 2023, 3:38 p.m.
Size 2.0MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 8e67f58837092385dcf01e8a2b4f5783
SHA256 166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa
CRC32 F28EA9F1
ssdeep 49152:y+SUiJeHpNnxG745Mfi39uXrbcI6DOdVgeuaNjwAx1bJljkv6kXjxNh:fdlHA4yiN8cI6SX3hbJCvhx
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
162.55.60.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: 2023/07/19 15:32:33 failed to install service: set service version: The system cannot find the file specified.
console_handle: 0x0000000b
1 1 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
file C:\Windows\windefender.exe
section UPX1 (size_of_data: 0x00201400, virtual_address: 0x002dc000, virtual_size: 0x00202000, entropy: 7.879767766131887) entropy 7.87976776613 description A section with a high entropy has been found
entropy 0.99975651327 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
host 162.55.60.2
file C:\Windows\windefender.exe
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x0018fe3d
function_name: wine_get_version
module: ntdll
module_address: 0x778a0000
3221225785 0
Bkav W32.Common.914412CB
Lionic Trojan.Win32.RanumBot.4!c
MicroWorld-eScan Trojan.Generic.31290049
CAT-QuickHeal Trojan.IGENERIC
ALYac Trojan.Agent.Ranumbot
Cylance unsafe
Zillya Trojan.RanumBot.Win32.496
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00589d931 )
Alibaba Trojan:Win32/RanumBot.c1cfa3ee
K7GW Trojan ( 00589d931 )
CrowdStrike win/malicious_confidence_100% (W)
VirIT Trojan.Win32.Genus.LGM
Cyren W32/ABRisk.NVBT-2599
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of WinGo/RanumBot.AM
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.Generic.31290049
NANO-Antivirus Trojan.Win32.RanumBot.jqcnjd
Avast Win32:MalwareX-gen [Trj]
Tencent Malware.Win32.Gencirc.13c19cac
Emsisoft Trojan.Generic.31290049 (B)
F-Secure Trojan.TR/AD.Nekark.kjwtu
VIPRE Trojan.Generic.31290049
TrendMicro Trojan.Win32.RANUMBOT.SYGQ
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
FireEye Generic.mg.8e67f58837092385
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Trojan.Generic.31290049
Jiangmin Backdoor.MSIL.culd
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.kjwtu
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Gridinsoft Ransom.Win32.Sabsik.sa
Xcitium Malware@#61liehpoqkft
Arcabit Trojan.Generic.D1DD72C1
ViRobot Trojan.Win32.Z.Ranumbot.2103296
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Tiggre!rfn
Google Detected
AhnLab-V3 Trojan/Win.Glupteba.C5367885
Acronis suspicious
McAfee Artemis!8E67F5883709
MAX malware (ai score=100)
Malwarebytes RanumBot.Trojan.Downloader.DDS
Panda Trj/CI.A