popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

wc4aw1t506.dll

UPX Malicious Library PE64 PE File dll OS Processor Check DLL DllRegisterServer
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 14, 2023, 7:04 p.m. Sept. 14, 2023, 7:09 p.m.
Size 1.1MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 e4919447b9ea5c4f02a0746ab64f8e7e
SHA256 f583b43851502322a69c67f0f8f3e50f296f397e4bbb50bc646bccca6ee79215
CRC32 2022EDEE
ssdeep 24576:gG95Qu5j6V4TYuVUKXs7U48XoKdtEiQnNst2Ua:gG9TfPUO
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
resource name None
section {u'size_of_data': u'0x00041800', u'virtual_address': u'0x00010000', u'entropy': 7.09103313627798, u'name': u'.rdata', u'virtual_size': u'0x000417e6'} entropy 7.09103313628 description A section with a high entropy has been found
entropy 0.240477283157 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.64
Elastic malicious (high confidence)
FireEye Generic.mg.e4919447b9ea5c4f
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Injector.NO
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
Avast InjectorX-gen [Trj]
McAfee-GW-Edition BehavesLike.Win64.MultiPlug.th
ZoneAlarm UDS:DangerousObject.Multi.Generic
Acronis suspicious
AVG InjectorX-gen [Trj]
DeepInstinct MALICIOUS