Summary | ZeroBOX

Install_WinX64X86.exe

Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Sept. 2, 2023, 6:26 p.m.
Completed Sept. 2, 2023, 6:40 p.m.
Size 5.9MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 ebd57653d474ebeb5c5df2c19df6912b
SHA256 f4b17c300b847ffaee23c8391d8e9816f97e1cecf6ea453dafd3e57da73fd32a
CRC32 8DE393CE
ssdeep 98304:3hzMQFcIKsJatIXw4KpLwrWA5dgedb7a2ZO3u0f9gedfjp6/dgWxVwnSM61n3:3hzrFcIKdQlCwrWNeF7JZO3ucgedfj0R
Yara
  • Malicious_Library_Zero - Malicious_Library
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
156.236.72.121 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77710895
stacktrace+0x84 memdup-0x1af @ 0x749a0470
hook_in_monitor+0x45 lde-0x133 @ 0x749942ea
New_kernel32_GetSystemTimeAsFileTime+0x1d New_kernel32_GetSystemWindowsDirectoryA-0x8d @ 0x749abdb5
install_winx64x86+0x2901 @ 0x140002901
0x12ff28

exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address: 0x77710895
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 329877
registers.r14: 0
registers.r15: 0
registers.rcx: 1242936
registers.rsi: 8796092887040
registers.r10: 0
registers.rbx: 1
registers.rsp: 1244936
registers.r11: 0
registers.r8: 64
registers.r9: 5368713216
registers.rdx: 1244280
registers.r12: 0
registers.rbp: 0
registers.rdi: 47936899621426
registers.rax: 1242616
registers.r13: 0
status: 1 return: 0 repeated: 0
section .text virtual_address 0x00001000 virtual_size 0x00137e98 size_of_data 0x000a1e00 entropy 7.983792228108462 description A section with a high entropy has been found
section .data virtual_address 0x00139000 virtual_size 0x000329d2 size_of_data 0x00014600 entropy 7.9761007521516705 description A section with a high entropy has been found
section .data virtual_address 0x0016c000 virtual_size 0x000067f4 size_of_data 0x00000c00 entropy 7.729591921400187 description A section with a high entropy has been found
section .data virtual_address 0x00173000 virtual_size 0x0000d914 size_of_data 0x00008000 entropy 7.569301054911693 description A section with a high entropy has been found
section .data virtual_address 0x00182000 virtual_size 0x00008d60 size_of_data 0x00007000 entropy 7.9635780109892575 description A section with a high entropy has been found
section .data virtual_address 0x0018b000 virtual_size 0x0000166c size_of_data 0x00000c00 entropy 7.634924737292567 description A section with a high entropy has been found
section .text virtual_address 0x00991000 virtual_size 0x0051e400 size_of_data 0x0051e400 entropy 7.948003390474547 description A section with a high entropy has been found
section .data virtual_address 0x00eb5000 virtual_size 0x00005400 size_of_data 0x00005400 entropy 7.946864086500011 description A section with a high entropy has been found
entropy 0.996407234882 description Overall entropy of this PE file is high
host 156.236.72.121
Bkav W32.AIDetectMalware.64
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
FireEye Generic.mg.ebd57653d474ebeb
Malwarebytes Generic.Malware/Suspicious
Sangfor Trojan.Win32.Agent.Vo3u
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
McAfee-GW-Edition BehavesLike.Win64.Generic.tc
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Antiy-AVL GrayWare/Win32.Wacapew
Gridinsoft Trojan.Win64.Agent.sa
Microsoft Trojan:Win32/Casdet!rfn
McAfee Artemis!EBD57653D474
Ikarus Win32.Outbreak
Fortinet PossibleThreat.PALLAS.H
DeepInstinct MALICIOUS
dead_host 192.168.56.103:49863