Summary | ZeroBOX

westcompetitiveresspro.exe

Emotet Gen1 Malicious Library UPX PE64 PE File CAB
Category FILE
Machine s1_win7_x6402
Started Sept. 28, 2023, 8:39 a.m.
Completed Sept. 28, 2023, 8:41 a.m.
Size 6.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 41ca6ed3ff003e205d7dae915c20eb59
SHA256 008d9137787466d1cc4118a6b62a408c9f0c63f3013f8c277bf1ba08b5e498d2
CRC32 F59A8F95
ssdeep 196608:HQGfUv8BrzZD+zhB1mkIjoA15mPKqhNEtKr72AzXgiM:HQaUvWzZD+5XIcAiCWk6IL
PDB Path wextract.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path wextract.pdb
resource name AVI
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\westcompetitiveress.exe
section .rsrc (size_of_data 0x006cc800, virtual_address 0x0000f000, virtual_size 0x006cd000, entropy 7.998349726657885) description A section with a high entropy has been found
entropy 0.99386152748 description Overall entropy of this PE file is high
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\westcompetitiveress.exe
Bkav W32.AIDetectMalware.64
Elastic malicious (high confidence)
FireEye Generic.mg.41ca6ed3ff003e20
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent_AGen.AZI
APEX Malicious
Cynet Malicious (score: 100)
Rising Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:UD2HCfyfnUZqU9zaSkybAA)
Trapmine malicious.high.ml.score
Cylance unsafe
MaxSecure Trojan.Malware.300983.susgen
Cybereason malicious.2c0d18
DeepInstinct MALICIOUS