Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 10, 2023, 6:22 p.m.	Oct. 10, 2023, 6:24 p.m.

Size	1.2MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`1d5ad4a60ec9be32c11ad99f234bfe8f`
SHA256	`f59035192098e44b86c4648a0de4078edbe80352260276f4755d15d354f5fc58`
CRC32	`9A12792F`
ssdeep	`24576:tMBcqyK86pA7yPxYdC70iQMN+PeTNzA9NIVzlMRGKwQ7Yv0IgvIgXxv7zMo:tMBc2QyJ0iQMNkeTNzA9NIVzJXQ7+0YV`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 10, 2023, 6:22 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 10, 2023, 6:22 p.m.		1	1	0

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 10, 2023, 6:22 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

section

{u'size_of_data': u'0x0003c000', u'virtual_address': u'0x000e3000', u'entropy': 7.961147943458464, u'name': u'.data', u'virtual_size': u'0x000404b0'}

entropy

7.96114794346

description

A section with a high entropy has been found

entropy

0.200250312891

description

Overall entropy of this PE file is high

registry	HKEY_LOCAL_MACHINE\SOFTWARE\SimonTatham\PuTTY\CHMPath\(Default)
registry	HKEY_LOCAL_MACHINE\SOFTWARE\SimonTatham\PuTTY64\CHMPath\(Default)

putty.exe