Summary | ZeroBOX

777888_2023-07-27_14-57.exe

Malicious Library UPX OS Processor Check PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6401 July 28, 2023, 2:05 p.m. July 28, 2023, 2:07 p.m.
Size 314.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d106422018f67d798c142062e70a5810
SHA256 2e0f289022b02d1740f9ff0f2b4652967e4944d628e7f709cb48ef817a0e6d6c
CRC32 7B21FF60
ssdeep 3072:BEwbKEP7dGHX+A9pi4jkRq7nhnGzFsgXJTgDHU+L/gyCHFx+XuB+:BnKExGHOQpHjksh2FNXJEDHpxiy
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0029c000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00013800', u'virtual_address': u'0x00029000', u'entropy': 7.8695880508219025, u'name': u'.data', u'virtual_size': u'0x01eb8c0c'} entropy 7.86958805082 description A section with a high entropy has been found
entropy 0.248803827751 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Convagent.4!c
tehtris Generic.Malware
MicroWorld-eScan Trojan.GenericKD.68389768
FireEye Generic.mg.d106422018f67d79
CAT-QuickHeal Ransom.Stop.P5
McAfee Artemis!D106422018F6
Malwarebytes Trojan.MalPack.GS
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00516fdf1 )
K7GW Trojan ( 00516fdf1 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Kryptik.KGM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HUEJ
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
BitDefender Trojan.GenericKD.68389768
Avast Win32:CrypterX-gen [Trj]
Tencent Trojan.Win32.Obfuscated.gen
Emsisoft Trojan.GenericKD.68389768 (B)
DrWeb Trojan.PWS.Banker1.37364
TrendMicro TrojanSpy.Win32.URSNIF.YXDG1Z
McAfee-GW-Edition BehavesLike.Win32.Generic.fm
Trapmine malicious.high.ml.score
Sophos Troj/Krypt-WE
SentinelOne Static AI - Suspicious PE
Webroot W32.Malware.Gen
Avira TR/AD.UrsnifDropper.krkbf
Antiy-AVL Trojan/MSIL.Convagent
Gridinsoft Spy.Win32.Gozi.bot
ViRobot Trojan.Win.Z.Sabsik.322048.B
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan.Agent.7X3C52
Google Detected
AhnLab-V3 Trojan/Win.Glupteba.R593754
MAX malware (ai score=80)
VBA32 BScope.TrojanDownloader.Deyma
Cylance unsafe
Panda Trj/Genetic.gen
TrendMicro-HouseCall TrojanSpy.Win32.URSNIF.YXDG1Z
Rising Trojan.Kryptik!1.E892 (CLASSIC)
Ikarus Trojan.Win32.Crypt
Fortinet W32/Kryptik.HUEJ!tr
AVG Win32:CrypterX-gen [Trj]
Cybereason malicious.620d81
DeepInstinct MALICIOUS