Summary | ZeroBOX

Setup.exe

UPX PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Aug. 8, 2023, 6:37 p.m.
Completed Aug. 8, 2023, 6:54 p.m.
Size 331.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 60c09568374a7cc6fde4472e2f381d25
SHA256 c0f4ea0ef091c50c5e7219dc0944e0f01700dd23d0a37c956269ceb044e47264
CRC32 80B61766
ssdeep 6144:6JOV4xvpsoZcMetN3wUpvwVP570Kk6NON77tcJN0LQKmfF5Ibxm:B2NqkWN3whVPjk6S7tcJNF3
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 0f b7 00 85 c0 74 32 48 8b 44 24 08 0f b7 00 48
exception.symbol: setup+0x44405
exception.instruction: movzx eax, word ptr [rax]
exception.module: Setup.exe
exception.exception_code: 0xc0000005
exception.offset: 279557
exception.address: 0x13fe44405
registers.r14: 0
registers.r15: 0
registers.rcx: 5369187848
registers.rsi: 0
registers.r10: 3221225485
registers.rbx: 0
registers.rsp: 1703328
registers.r11: 582
registers.r8: 7
registers.r9: 360
registers.rdx: 5367090784
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 5369187848
registers.r13: 0
1 0 0
section UPX1 (virtual_address 0x00095000, virtual_size 0x00032000, size_of_data 0x00031200) entropy 7.92004719173 description A section with a high entropy has been found
entropy 0.594553706505 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Sangfor Trojan.Win32.Agent.Vuhj
Cybereason malicious.8374a7
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
McAfee-GW-Edition BehavesLike.Win64.PWSZbot.fc
McAfee Artemis!60C09568374A
DeepInstinct MALICIOUS
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
CrowdStrike win/malicious_confidence_90% (W)