Summary | ZeroBOX

uwp4082989.png.exe

Malicious Library UPX .NET DLL PE File DLL OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started Oct. 19, 2023, 6:38 p.m.
Completed Oct. 19, 2023, 6:38 p.m.
Size 3.1MB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5913cdb1f8f9045b3e19987a08134771
SHA256 b516b5f18473f9a6d5d7ab7a09c196a9af464f8c49fb5914c3cd7896e7746467
CRC32 02DF0848
ssdeep 49152:1MoMrusalz3KVS0eslIP3QdnoHZsZ/4XZDOPCHWzCI:11M2KciSgdnoHZ6oZCVz7
PDB Path Fiber.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Is_DotNET_DLL - (no description)
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path Fiber.pdb
section .text (size_of_data 0x0031a200, virtual_address 0x00002000, virtual_size 0x0031a084) entropy 7.400990941138239 description A section with a high entropy has been found
entropy 0.999528005035 description Overall entropy of this PE file is high
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.472162
Skyhigh BehavesLike.Win32.Packed.wc
ALYac Gen:Variant.Zusy.472162
Malwarebytes Trojan.Downloader.MSIL
VIPRE Gen:Variant.Zusy.472162
K7AntiVirus Trojan-Downloader ( 005a77b81 )
K7GW Trojan-Downloader ( 005a77b81 )
CrowdStrike win/malicious_confidence_90% (D)
Arcabit Trojan.Zusy.D73462
Baidu MSIL.Trojan.Crypto.a
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.PIX
Kaspersky HEUR:Backdoor.MSIL.Remcos.gen
BitDefender Gen:Variant.Zusy.472162
Avast Win32:Evo-gen [Trj]
Emsisoft Gen:Variant.Zusy.472162 (B)
FireEye Gen:Variant.Zusy.472162
Varist W32/MSIL_Kryptik.JRF.gen!Eldorado
Microsoft Trojan:Win32/Sabsik.TE.A!ml
ZoneAlarm HEUR:Backdoor.MSIL.Remcos.gen
GData Gen:Variant.Zusy.472162
Google Detected
AhnLab-V3 Trojan/Win.Generic.R526355
MAX malware (ai score=89)
Ikarus Trojan-Spy.Agent
AVG Win32:Evo-gen [Trj]