Summary | ZeroBOX

smbscanlocal-1bf850b4d9587c1017a75a47680584c4.exe

UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started July 20, 2023, 10:01 a.m.
Completed July 20, 2023, 10:04 a.m.
Size 2.0MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 1bf850b4d9587c1017a75a47680584c4
SHA256 ac470c2fa05a67dd03cdc427e9957e661cd0ec7aecd9682ddb0b32c5cfc18955
CRC32 68C0F44D
ssdeep 49152:UELEoxcmAny6Zh9DzmwJe/sKomVVE0zXlKSQjYU:lEoxcpnjPe/xJ7jQ
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): 164.124.101.2  Active  Moloch

Only one IP appears in the capture and no hostnames were resolved. Treat that address as sandbox infrastructure (most likely the guest's own DNS resolver) rather than as an indicator of compromise unless the pcap in Moloch shows the sample actually exchanging data with it.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleW
  buffer: failed to validate config: UUID must not be empty
  console_handle: 0x0000000b
  Status 1  Return 1  Repeated 0

The only console output captured is a configuration-validation failure ("UUID must not be empty"), and the run produced no DNS lookups and no Suricata alerts. Read together, this indicates the sample exited early in this run rather than that it has no network capability: the missing network indicators reflect a missing configuration, not a benign binary. Before concluding the sample is inert, analyse the unpacked binary statically or rerun it in an environment that satisfies whatever configuration it expects.
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (size_of_data 0x00208000, virtual_address 0x002df000, virtual_size 0x00208000, entropy 7.88) description A section with a high entropy has been found
entropy 0.999759673155 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX

All three findings are the same fact seen three ways: stock UPX leaves its section names intact and packs the original image into a single near-uniform (7.88 bits/byte) UPX1 section of about 2 MB. If the UPX header has not been tampered with, `upx -d` restores the original executable, which is the file to analyse statically; the WinGo verdicts below suggest a large statically linked Go binary underneath.
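The following Python reproduces the kind of static checks behind the three packer/entropy signatures above: walk the PE section table, compute per-section and whole-file Shannon entropy, and flag UPX section names. It is an added example, not ZeroBOX or Cuckoo code; the minimal PE32 it analyses is constructed inline (it is not the analysed sample), and the two thresholds are assumptions for illustration, not the sandbox's own values.

```python
"""Static triage of a PE section table: UPX section names and Shannon entropy.

Added example, not ZeroBOX/Cuckoo code. The sample PE below is constructed
inline; the thresholds are assumed, not the sandbox's own."""
import hashlib
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
SECTION_ENTROPY_THRESHOLD = 7.0   # bits/byte; assumed triage threshold
OVERALL_ENTROPY_THRESHOLD = 0.9   # normalised 0..1; assumed triage threshold


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def overall_entropy(pe: bytes) -> float:
    """Whole-file entropy normalised to 0..1, as in the report's 'entropy 0.9997'."""
    return shannon_entropy(pe) / 8.0


def parse_sections(pe: bytes) -> list:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_hdr_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]    # UPX0 typically has SizeOfRawData == 0
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return sections


def triage(pe: bytes) -> list:
    """Return findings phrased like the report's packer/entropy signatures."""
    findings = []
    for s in parse_sections(pe):
        if s["name"] in UPX_SECTION_NAMES:
            findings.append(f"section {s['name']}: Section name indicates UPX")
        if s["entropy"] > SECTION_ENTROPY_THRESHOLD:
            findings.append(f"section {s['name']}: high entropy {s['entropy']:.2f} "
                            f"(size_of_data 0x{s['size_of_data']:08x}, "
                            f"virtual_address 0x{s['virtual_address']:08x})")
    if overall_entropy(pe) > OVERALL_ENTROPY_THRESHOLD:
        findings.append(f"overall entropy {overall_entropy(pe):.4f}: "
                        "Overall entropy of this PE file is high")
    return findings


def _pseudo_random(n: int, seed: bytes = b"upx1") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for LZMA-packed code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with a UPX-style section layout (not the analysed sample)."""
    upx1 = _pseudo_random(16384)             # packed payload: near-uniform bytes
    upx2 = b"\0" * 256                       # small low-entropy tail section
    opt_size, hdr_size = 224, 0x200          # PE32 optional header; headers padded to 0x200
    secs = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        (b"UPX0", 0x2DE000, 0x1000, 0, 0),
        (b"UPX1", len(upx1), 0x2DF000, len(upx1), hdr_size),
        (b"UPX2", 0x1000, 0x2E3000, len(upx2), hdr_size + len(upx1)),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)       # PE32 magic, rest zeroed
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0xE0000040)
                     for n, vs, va, rs, rp in secs)
    headers = (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_size, b"\0")
    return headers + upx1 + upx2


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print(line)
```

Run against a real file, `parse_sections(open(path, "rb").read())` gives the same per-section view the report prints; the entropy thresholds are deliberately crude, so treat a hit as a prompt to unpack and look, not as a verdict.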
API calls (Time & API / Arguments / Status / Return / Repeated)

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0018fe3d
  function_name: wine_get_version
  module: ntdll
  module_address: 0x76f10000
  Return 3221225785 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)  Repeated 0

Resolving wine_get_version from ntdll is the standard Wine check (the export exists only under Wine), and it failed here as expected on a real Windows 7 guest. On its own it is weak evidence of deliberate sandbox evasion: the Go runtime in versions current at the time of this analysis performs this same lookup at startup to decide whether it is running under Wine, so any Go-built sample (see the WinGo/RanumBot verdicts below) shows it regardless of the malware author's intent.
Bkav W32.Common.282DC358
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (moderate confidence)
MicroWorld-eScan DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7
FireEye Generic.mg.1bf850b4d9587c10
CAT-QuickHeal Trojan.IGENERIC
ALYac DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7
Malwarebytes RanumBot.Trojan.Downloader.DDS
VIPRE DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00596e9b1 )
Alibaba Exploit:Win32/RanumBot.656f14a5
K7GW Trojan ( 00596e9b1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7
BitDefenderTheta Gen:NN.ZexaF.36318.coGfamdJUcn
Cyren W32/ABRisk.DSBY-5269
Symantec Trojan Horse
ESET-NOD32 a variant of WinGo/RanumBot.AP
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7
NANO-Antivirus Trojan.Win32.Generic.jurlyp
ViRobot Trojan.Win.Z.Ranumbot.2130944
Avast Win32:Evo-gen [Trj]
Tencent Malware.Win32.Gencirc.13c1a0ec
Emsisoft DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7 (B)
F-Secure Trojan.TR/RanumBot.lfdkq
Zillya Trojan.RanumBot.Win32.634
TrendMicro Trojan.Win32.RANUMBOT.USASHBB23
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
Sophos Mal/Generic-S
Ikarus Trojan.WinGo.Ranumbot
Webroot W32.Trojan.Gen
Avira TR/RanumBot.lfdkq
MAX malware (ai score=83)
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Gridinsoft Malware.Win32.Wacatac.cc
Xcitium Malware@#1bvvo2myfleiu
Microsoft Trojan:Win32/Tnega!MSR
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData DeepScan:Generic.Malware.GFW!wre!Xh.8721B4C7
Google Detected
AhnLab-V3 Trojan/Win.YD.R555141
Acronis suspicious
McAfee Artemis!1BF850B4D958
Cylance unsafe
Panda Trj/RnkBend.A
TrendMicro-HouseCall Trojan.Win32.RANUMBOT.USASHBB23