popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

putty.exe

UPX Malicious Library OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 6, 2023, 5:42 p.m. Oct. 6, 2023, 5:53 p.m.
Size 292.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9872c3c580e8bd1a22cd4698e73e3f9a
SHA256 122742e0a532636207c9bc6f0ae44e45c5bd1df87cb5a1aa475f7fbdb0cc521f
CRC32 7A5BA798
ssdeep 3072:zXTH4bYS/eQDmXepeDNbuSTTNG9AMY8q4LCvr4Uot:roYQeQEepeZTNG+MTasUo
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name DUHUFEGUTEJUCUV
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 660
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023ec000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 660
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware
tehtris Generic.Malware
FireEye Generic.mg.9872c3c580e8bd1a
CAT-QuickHeal Ransom.Stop.P5
Sangfor Trojan.Win32.Save.a
K7GW Hacktool ( 700007861 )
CrowdStrike win/malicious_confidence_100% (D)
Cyren W32/Kryptik.KTB2.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky VHO:Trojan-Spy.Win32.Stealer.gen
Avast TrojanX-gen [Trj]
Tencent Trojan.Win32.Obfuscated.gen
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dm
Trapmine malicious.high.ml.score
Sophos ML/PE-A
Ikarus Trojan.Crypt
Kingsoft malware.kb.a.1000
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm VHO:Trojan-Spy.Win32.Stealer.gen
Google Detected
Acronis suspicious
Cylance unsafe
Rising Trojan.Generic@AI.100 (RDML:26EABhN/2fPNXd38mDp0Mw)
SentinelOne Static AI - Malicious PE
AVG TrojanX-gen [Trj]
Cybereason malicious.fc8211
DeepInstinct MALICIOUS