Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 15, 2023, 7:47 a.m.	Sept. 15, 2023, 7:49 a.m.

Size	559.1KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`1ae5e18c3f032578c3e8e1f2dad127ac`
SHA256	`f561a2851020a8f0473104f4c4123c9730710c0fb6faf6cfcdd926694960374d`
CRC32	`C882E7DA`
ssdeep	`12288:1KzgvtVn3BsnL5BG4Obz7Ie3zxv6FxQ1Hr35X5m7fT3GOIavtSYF:1KzinWnE8sxy+C7LWwV5F`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Belphegor_crypto.exe "C:\Users\test22\AppData\Local\Temp\Belphegor_crypto.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 15, 2023, 7:47 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00402000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00010800', u'virtual_address': u'0x00001000', u'entropy': 6.897978783770774, u'name': u'.text', u'virtual_size': u'0x000106bf'}

entropy

6.89797878377

description

A section with a high entropy has been found

Belphegor_crypto.exe