Summary | ZeroBOX

public.exe

Tags: Malicious Packer, UPX, Malicious Library, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 24, 2023, 5:51 p.m.
Completed Aug. 24, 2023, 5:53 p.m.
Size 2.5MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5 d9d80ab4056a3d27e3b1783411b0d77f
SHA256 d21bc1ba9cc1deca462d9b4b2f5617b7d5081ed29b0246640b46e81ed75634d8
CRC32 5E9F48A0
ssdeep 24576:PPCkTOzoniTpGNRHcBBTzUYLBOmfc/tZHCXpDowoAzBtF60B0gxXV8IU/oH8CL86:oBiYgC3/0O0c78D18qWJ02rtkb5yq
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Address / Status / Action
35.174.153.211 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Bkav W32.AIDetectMalware
APEX Malicious
Rising Trojan.Generic@AI.91 (RDML:ZiUsBLym9NWu0JdGsMsoIA)
section /19 (size_of_data 0x0002a400, virtual_address 0x001d4000, virtual_size 0x0002a3e1, entropy 7.993973855460573) description A section with a high entropy has been found
section /32 (size_of_data 0x00007a00, virtual_address 0x001ff000, virtual_size 0x0000795c, entropy 7.97567760192969) description A section with a high entropy has been found
section /65 (size_of_data 0x00046400, virtual_address 0x00208000, virtual_size 0x00046377, entropy 7.997570727831322) description A section with a high entropy has been found
section /78 (size_of_data 0x0002b400, virtual_address 0x0024f000, virtual_size 0x0002b26a, entropy 7.993870272405353) description A section with a high entropy has been found
section /90 (size_of_data 0x0000f400, virtual_address 0x0027b000, virtual_size 0x0000f38d, entropy 7.913861417783998) description A section with a high entropy has been found
entropy 0.276723470178 description Overall entropy of this PE file is high
host 35.174.153.211
Time & API / Arguments / Status / Return / Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x0018fe29
function_name: wine_get_version
module: ntdll
module_address: 0x76f10000
Return 3221225785 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: ntdll exports wine_get_version only under Wine, so the failed lookup tells the sample it is running on a native Windows ntdll)
Repeated 0
dead_host 192.168.56.101:49165
dead_host 192.168.56.101:49161
dead_host 35.174.153.211:443