Summary | ZeroBOX

update.exe

UPX PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Aug. 2, 2023, 4:48 p.m.
Completed Aug. 2, 2023, 4:51 p.m.
Size 322.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 5057042b2949c60f1d598845c26a2a18
SHA256 e58d93351234c8ba5f47c653f57a7a45ddcb052afb8f331043836c4408533fa1
CRC32 4CD9B268
ssdeep 6144:ydkzF43SM5dCsenQjq2Zs4ogcAWUwxPk47oLFldV1jJrBBxRdE3ajLoSg84KH:y6zF4vCT4q2Z7NBWrl7EzdH9BL5LoSt
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address Status Action
164.124.101.2 Active Moloch
35.186.245.55 Active Moloch
61.111.58.35 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49162 -> 35.186.245.55:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow TLSv1 192.168.56.103:49162 -> 35.186.245.55:443
Issuer C=US, O=Let's Encrypt, CN=R3
Subject CN=repl.co
Fingerprint 98:0e:de:6d:18:49:ac:af:7a:dd:24:4f:de:ce:cb:be:26:57:b1:5f

request GET http://apps.identrust.com/roots/dstrootcax3.p7c
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
section UPX1 (virtual_address 0x00071000, virtual_size 0x0004b000, size_of_data 0x0004ac00, entropy 7.998608934573187) description A section with a high entropy has been found
entropy 0.9300155521 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
FireEye Generic.mg.5057042b2949c60f
McAfee Artemis!5057042B2949
Malwarebytes Malware.AI.1914786265
Cybereason malicious.4acc19
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
APEX Malicious
Cynet Malicious (score: 100)
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Trapmine malicious.high.ml.score
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Script.auxn
Antiy-AVL Trojan/Win32.PossibleThreat
Xcitium Packed.Win32.MUPX.Gen@24tbus
Microsoft Trojan:Script/Phonzy.A!ml
ViRobot Trojan.Win.Z.Agent.330240.Y
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.R325756
VBA32 BScope.Trojan.APosT
Rising Trojan.Generic@AI.99 (RDML:SELtltjpue0/Ge/KisSuwg)
Ikarus Trojan.Win32.AHK
Fortinet W32/PossibleThreat
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_60% (W)