Summary | ZeroBOX
BlackMatter Ransomware PE32 PE File DLL
Category ARCHIVE
Machine s1_win7_x6402
Started Oct. 13, 2023, 12:58 a.m.
Completed Oct. 13, 2023, 12:58 a.m.

Archive LBB_ReflectiveDll_DllMain.dll @ LBB_AEV-iledefrance.fr_05A8F2993F873622_12.08.23_aev_iledefrance.zip

Summary

Size 113.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8e4835042e8de50cddd5a48491340c19
SHA1 205df7fa56ae79f05a0a471cd3fd5e12c99f7f02
SHA256 e7656710adbfc898707b58574b5308221dc8dedbc204128aed8137169fc633bb
SHA512 fdf4f706a32802eb67a0c5f2d71a837ba375f3c5b507ceb839aa8d267f66a9f821940e934ae3ac57362e31d05f12a58f52a4ddbed7be57b510711cf1a3011014
CRC32 3A1AEC3D
ssdeep 1536:yzICS4Az7zr5gUke9jyAa1d0obdsx18Ln7eWWv7OxluOllosgC9hM057fOOr:R1735ZzNwX0obdiKLqzKSOllQCiO
Yara
  • BlackMatter_Ransomware_IN - BlackMatter Ransomware
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

High-entropy sections

  • .text - size_of_data 0x00011200, virtual_address 0x00001000, virtual_size 0x0001104c, entropy 6.8314751868865145 (A section with a high entropy has been found)
  • .data - size_of_data 0x00005c00, virtual_address 0x00014000, virtual_size 0x000062c8, entropy 7.94640396495522 (A section with a high entropy has been found)
  • .pdata - size_of_data 0x00004000, virtual_address 0x0001b000, virtual_size 0x00003e34, entropy 7.933067391680408 (A section with a high entropy has been found)

entropy 0.959821428571 - Overall entropy of this PE file is high