popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

hk1c9y18em.dll

UPX Malicious Library PE64 PE File dll OS Processor Check DLL DllRegisterServer
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 14, 2023, 7:04 p.m. Sept. 14, 2023, 7:10 p.m.
Size 1.1MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 a6ac1a8bb63362ed7515f2ca02fb52be
SHA256 e1dbce8a89b5fea0f3cf6da9560fd573dfe9c93c5d6d8d2fef8902a3589cdf15
CRC32 D4F06DB0
ssdeep 24576:K40kaG+iDe5cMQW7v7+KIUC/ofj1fpLgN:K40kd+35cMv
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
resource name None
section {u'size_of_data': u'0x00041a00', u'virtual_address': u'0x00010000', u'entropy': 7.0921979733987275, u'name': u'.rdata', u'virtual_size': u'0x000419c6'} entropy 7.0921979734 description A section with a high entropy has been found
entropy 0.240274599542 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.64
Cynet Malicious (score: 100)
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Injector.NO
APEX Malicious
Kaspersky Trojan-Downloader.Win64.BumbleBee.aks
Avast InjectorX-gen [Trj]
McAfee-GW-Edition BehavesLike.Win64.PinkSbot.th
FireEye Generic.mg.a6ac1a8bb63362ed
ZoneAlarm Trojan-Downloader.Win64.BumbleBee.aks
Acronis suspicious
AVG InjectorX-gen [Trj]
DeepInstinct MALICIOUS