Summary | ZeroBOX

WinDhcp.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Sept. 30, 2023, 12:52 p.m.
Completed Sept. 30, 2023, 1 p.m.
Size 5.2MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 d381d9db9cbd1b60afdfb4f05e52a775
SHA256 3e488cd6f6cc7b35713c321dc58b63fa95ba9c69248008109b7bf9a543add7e9
CRC32 820B73C7
ssdeep 98304:Qp4L/JhqnNKIjRFlrDlyzVd/dCR36YDAbJC5kZne:QeL/JhqNRrhyXCR3FAbfhe
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .data virtual_address 0x00008000 virtual_size 0x0051df20 size_of_data 0x0051e000 entropy 7.708781769162034 description A section with a high entropy has been found
entropy 0.992988440402 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.64
Cybereason malicious.83ca79
Cyren W64/Rozena.HA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Rozena.XN
Cynet Malicious (score: 100)
Kaspersky VHO:Trojan.Win32.Agent.gen
F-Secure Trojan.TR/Crypt.EPACK.Gen2
McAfee-GW-Edition BehavesLike.Win64.Trojan.tc
Ikarus Trojan.Win64.Krypt
Avira TR/Crypt.EPACK.Gen2
Kingsoft malware.kb.a.942
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm VHO:Trojan.Win32.Agent.gen
Google Detected
Acronis suspicious
Rising Trojan.Rozena!8.6D (TFE:5:kC3zMNTE3QN)
SentinelOne Static AI - Suspicious PE
Fortinet W64/Rozena.AN!tr
CrowdStrike win/malicious_confidence_90% (W)