Summary | ZeroBOX

32.exe

Malicious Packer PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Nov. 9, 2023, 7:48 a.m.
Completed Nov. 9, 2023, 7:52 a.m.
Size 72.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fb003fc48dbad9290735c9a6601381f7
SHA256 9b7110edf32f235d590b8141ba6aa81eb3414e3202ff0feefcb2160e655c0116
CRC32 7A70A9AD
ssdeep 1536:I5iY0kL68xGkUOHfUgxCraXuso9aMb+KR0Nc8QsJq39:UJG8xjTdxU4us0ae0Nc8QsC9
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 00 00 00 00 00 92 48 42 40 d6 27 43 27 90 48 f9
exception.symbol: 32+0xbfeb
exception.instruction: add byte ptr [eax], al
exception.module: 32.exe
exception.exception_code: 0xc0000005
exception.offset: 49131
exception.address: 0x40bfeb
registers.esp: 1638284
registers.edi: 0
registers.eax: 4294950661
registers.ebp: 1638292
registers.edx: 1971270585
registers.ebx: 2130567169
registers.esi: 0
registers.ecx: 2
1 0 0
section name: .text
section virtual_address: 0x00001000
section virtual_size: 0x0000a966
section size_of_data: 0x0000b000
section entropy: 7.005001953614322
description A section with a high entropy has been found
entropy 0.647058823529 description Overall entropy of this PE file is high