popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

winrar-x64-700b1.exe

Emotet Gen1 Malicious Library Antivirus UPX Malicious Packer PE64 OS Processor Check PE32 PE File DLL CHM Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 27, 2023, 12:06 a.m. Oct. 27, 2023, 12:08 a.m.
Size 3.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ec258c62501e30c84217db59cd156e84
SHA256 672837ea26b14cd6d6117a769bb01672045db533847e357331471271cbad1a64
CRC32 5DBE5478
ssdeep 98304:ea8BfKEBaP2bW2OQZWQ5je9sjMAvmOk4c:n/2ZegMpOk4c
PDB Path D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\setup\build\sfxrar64\Release\sfxrar.pdb
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .didat
section _RDATA
resource name PNG
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
file C:\Program Files\WinRAR\Uninstall.exe
file C:\Program Files\WinRAR\Rar.exe
file C:\Program Files\WinRAR\UnRAR.exe
file C:\Program Files\WinRAR\7zxa.dll
file C:\Program Files\WinRAR\WinRAR.exe
file C:\Program Files\WinRAR\RarExt.dll
Bkav W64.AIDetectMalware
Skyhigh BehavesLike.Win64.Generic.wc
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x000007fffff90000
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x00027000', u'virtual_address': u'0x00068000', u'entropy': 7.763938294396233, u'name': u'.rsrc', u'virtual_size': u'0x00026eb0'} entropy 7.7639382944 description A section with a high entropy has been found
entropy 0.302912621359 description Overall entropy of this PE file is high