Summary | ZeroBOX

Chrome.exe

Malicious Packer UPX Malicious Library PE64 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 10, 2023, 5:03 p.m.
Completed: Sept. 10, 2023, 5:05 p.m.
Size 2.2MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 43e176e16444079c82e2446f0870d1e1
SHA256 27fb95086df3f2a22f6e34a746bb1f15d882936e2f6dea770bfd76bb1fc0423e
CRC32 19953CF1
ssdeep 49152:eMn6jRfJ3c1m8Sg2rgNF2b1D6KiMWFUIiJ:Tu3cFLvFY
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 164.124.101.2, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
section /19 (virtual_address 0x001d1000, virtual_size 0x0002255e, size_of_data 0x00022600, entropy 7.9940075500130625): A section with a high entropy has been found
section /32 (virtual_address 0x001f4000, virtual_size 0x000066cc, size_of_data 0x00006800, entropy 7.918614806942613): A section with a high entropy has been found
section /65 (virtual_address 0x001fc000, virtual_size 0x0003f816, size_of_data 0x0003fa00, entropy 7.996201375113793): A section with a high entropy has been found
section /78 (virtual_address 0x0023c000, virtual_size 0x000219fb, size_of_data 0x00021a00, entropy 7.988867680662128): A section with a high entropy has been found
section /90 (virtual_address 0x0025e000, virtual_size 0x0000ab54, size_of_data 0x0000ac00, entropy 7.779215612239072): A section with a high entropy has been found
entropy 0.268909460375 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.64
Elastic malicious (moderate confidence)
FireEye Generic.mg.43e176e16444079c
McAfee Artemis!43E176E16444
Malwarebytes Neshta.Virus.FileInfector.DDS
CrowdStrike win/malicious_confidence_90% (W)
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:Trojan.Win64.Shlem
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:Trojan.Win64.Shlem
Google Detected
Ikarus Trojan.BatAVProcKill
MaxSecure Trojan.Malware.300983.susgen
Cybereason malicious.2293df
DeepInstinct MALICIOUS
Time & API / Arguments / Status / Return / Repeated

API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
Return: -1073741511
Repeated: 0