popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

toolspub4.exe

Malicious Library UPX AntiDebug PE File OS Processor Check PE32 AntiVM
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 9, 2023, 9:46 p.m. Sept. 9, 2023, 9:50 p.m.
Size 300.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 98ce8687a896a63f1a52979ce8871b2e
SHA256 904e1460dbc547a4891f88f576ec8acbb9f07830a7b3f2a7165c00a147057af1
CRC32 C033763F
ssdeep 3072:pvgSqLhRE0Gq082C2vVvXa5Gymj6rMdVhnhctc0v77RecIAxyB:VdqLhOBfVvqty6r2VeYcIA
PDB Path C:\jahexecahifupa70.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\jahexecahifupa70.pdb
section {u'size_of_data': u'0x00027e00', u'virtual_address': u'0x00001000', u'entropy': 7.565074029176389, u'name': u'.text', u'virtual_size': u'0x00027c04'} entropy 7.56507402918 description A section with a high entropy has been found
entropy 0.532554257095 description Overall entropy of this PE file is high
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
Bkav W32.AIDetectMalware
tehtris Generic.Malware
FireEye Generic.mg.98ce8687a896a63f
CAT-QuickHeal Ransom.Stop.P5
K7AntiVirus Riskware ( 00584baa1 )
K7GW Riskware ( 00584baa1 )
Cybereason malicious.cafd48
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky VHO:Backdoor.Win32.Agent.gen
Rising Trojan.Generic@AI.100 (RDML:kM1ssFOLRK09mDK65SaCaQ)
Trapmine malicious.moderate.ml.score
Sophos ML/PE-A
Ikarus Trojan-Spy.Agent
ZoneAlarm VHO:Backdoor.Win32.Agent.gen
Cynet Malicious (score: 100)
AhnLab-V3 CoinMiner/Win.Glupteba.R504956
Acronis suspicious
Cylance unsafe
Tencent Trojan.Win32.Obfuscated.gen
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HFSR!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)