popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

toolspub2.exe

Malicious Library UPX AntiDebug PE File OS Processor Check PE32 AntiVM
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 28, 2023, 7:33 a.m. Aug. 28, 2023, 7:40 a.m.
Size 293.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d3d867c6722255ebcbc51a11a3a39347
SHA256 10d5acaf335351c394065caea772a79d686fab672649cb94315342fe0a9e4df4
CRC32 7359EC07
ssdeep 3072:TN+g7/Lo7OGFmNbNJXkywtN2kAyxdovGLsbVgJI+bEKXmXTZutl:BhXeVFaJTwH1AyvoguMX6TIL
PDB Path C:\kom kil_puhexih7 kedobegat.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\kom kil_puhexih7 kedobegat.pdb
resource name AFX_DIALOG_LAYOUT
section {u'size_of_data': u'0x00030600', u'virtual_address': u'0x00001000', u'entropy': 7.42144804186254, u'name': u'.text', u'virtual_size': u'0x000304f0'} entropy 7.42144804186 description A section with a high entropy has been found
entropy 0.661538461538 description Overall entropy of this PE file is high
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealer.12!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.P5
McAfee Artemis!D3D867C67222
Cylance unsafe
Sangfor Ransom.Win32.Save.a
K7AntiVirus Trojan ( 0056f95c1 )
K7GW Trojan ( 0056f95c1 )
Cybereason malicious.317aa0
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Kryptik.HULI
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win32:RansomX-gen [Ransom]
Tencent Trojan.Win32.Obfuscated.gen
F-Secure Trojan.TR/AD.SmokeLoader.kjgke
TrendMicro Trojan.Win32.AMADEY.YXDH1Z
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dh
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.d3d867c6722255eb
Sophos Troj/Krypt-VK
Ikarus Trojan-Banker.UrSnif
GData Win32.Trojan.PSE.1N056TH
Avira TR/AD.SmokeLoader.kjgke
Gridinsoft Trojan.Win32.SmokeLoader.bot
ZoneAlarm HEUR:Trojan.Win32.Chapak.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
Acronis suspicious
Malwarebytes Malware.AI.3380034764
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXDH1Z
Rising Trojan.Kryptik!1.B663 (CLASSIC)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HFSR!tr
AVG Win32:RansomX-gen [Ransom]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)