popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

toolspub2.exe

UPX Malicious Library AntiDebug PE File OS Processor Check PE32 AntiVM
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 12, 2023, 7:10 p.m. Aug. 12, 2023, 7:14 p.m.
Size 261.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a76e515e1150c903070a1eb1b2d216c0
SHA256 a3b9b231eedc6701cd76d624ed7dbfab8614e8a07088512b5e6ef3aa44235f50
CRC32 8E669531
ssdeep 3072:YQ9Xbck2cLeyJkXQ+mqweLJXyRe2AE463tT0vLbgUWlrba5h2OT:YIB2cLeXQ+mgQe29ZPxO2OT
PDB Path C:\puruwul46\basole.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\puruwul46\basole.pdb
name RT_ICON language LANG_PORTUGUESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_PORTUGUESE_BRAZILIAN offset 0x014adfb0 size 0x00000468
name RT_ICON language LANG_PORTUGUESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_PORTUGUESE_BRAZILIAN offset 0x014adfb0 size 0x00000468
name RT_ICON language LANG_PORTUGUESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_PORTUGUESE_BRAZILIAN offset 0x014adfb0 size 0x00000468
name RT_GROUP_ICON language LANG_PORTUGUESE filetype data sublanguage SUBLANG_PORTUGUESE_BRAZILIAN offset 0x014ae418 size 0x00000030
section {u'size_of_data': u'0x0002c200', u'virtual_address': u'0x00001000', u'entropy': 7.502290432732684, u'name': u'.text', u'virtual_size': u'0x0002c04a'} entropy 7.50229043273 description A section with a high entropy has been found
entropy 0.67754318618 description Overall entropy of this PE file is high
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.a76e515e1150c903
CAT-QuickHeal Ransom.Stop.P5
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056f9be1 )
K7GW Trojan ( 0056f9be1 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Kryptik.KJB.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky UDS:DangerousObject.Multi.Generic
Avast FileRepMalware [Pws]
Tencent Trojan.Win32.Obfuscated.gen
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dh
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
Ikarus Worm.Win32.Dorkbot
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft Trojan.Win32.SmokeLoader.bot
ZoneAlarm UDS:DangerousObject.Multi.Generic
Google Detected
Acronis suspicious
McAfee Artemis!A76E515E1150
Cylance unsafe
Rising Trojan.Kryptik!1.B663 (CLASSIC)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
AVG FileRepMalware [Pws]
Cybereason malicious.088744
DeepInstinct MALICIOUS