Summary | ZeroBOX

Lwsecure_beta.exe

Gen1 Malicious Library UPX ftp PE64 PE File OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started Nov. 20, 2023, 9:43 a.m.
Completed Nov. 20, 2023, 9:54 a.m.
Size 3.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5c320953f68110bc451f42495ef0a296
SHA256 e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a
CRC32 821FC77F
ssdeep 49152:OPX0ONuiBg8FsUMQMX/mH/xnJhMrqF3Ie73PpwfeTPYZylg5QrFRbZS2bvLra+Po:quirsUMti/jC2eiMmqQ7bZSoXPo
PDB Path D:\Programmiproxy\Blockchain\a\p\t\Cacheable\t\om\NrL\fm\vm\vr\om\a\x86\release\auth\8\pb\s.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • ftp_command - ftp command
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
app.physics.wisc.edu 128.104.160.19
IP Address Status Action
128.104.160.19 Active Moloch
164.124.101.2 Active Moloch

pdb_path D:\Programmiproxy\Blockchain\a\p\t\Cacheable\t\om\NrL\fm\vm\vr\om\a\x86\release\auth\8\pb\s.pdb
resource name BINARY
resource name TEXT
resource name VV
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x7fef7c97ef8 (the same frame address repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196974
registers.rcx: 196974
registers.rsi: 1
registers.r10: 196974
registers.rbx: 0
registers.rsp: 1240664
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 8164544
registers.rdi: 0
registers.rax: 1240768
registers.r13: 28
1 0 0
section {u'size_of_data': u'0x00108e00', u'virtual_address': u'0x00251000', u'entropy': 7.879885765797467, u'name': u'.rsrc', u'virtual_size': u'0x00108c4a'} entropy 7.8798857658 description A section with a high entropy has been found
entropy 0.310476190476 description Overall entropy of this PE file is high
Lionic Trojan.Win32.Penguish.4!c
MicroWorld-eScan Trojan.GenericKD.70462015
Skyhigh BehavesLike.Win64.Dropper.wh
McAfee Artemis!5C320953F681
K7AntiVirus Riskware ( 00584baa1 )
Alibaba Trojan:Win32/Penguish.ab96a4b3
K7GW Riskware ( 00584baa1 )
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/TrojanDownloader.Rugmi.T.gen
Kaspersky Trojan.Win32.Penguish.wn
BitDefender Trojan.GenericKD.70462015
Avast Win64:Malware-gen
Tencent Win32.Trojan.Penguish.Ssmw
Emsisoft Trojan.GenericKD.70462015 (B)
F-Secure Trojan.TR/Redcap.lfont
TrendMicro TrojanSpy.Win64.LUMMASTEALER.YXDKRZ
FireEye Trojan.GenericKD.70462015
Sophos Mal/Generic-S
MAX malware (ai score=89)
Webroot W32.Malware.Gen
Google Detected
Avira TR/Redcap.lfont
Kingsoft Win32.Trojan.Penguish.wn
Microsoft Trojan:Win32/Znyonm
Gridinsoft Trojan.Win64.Downloader.ns
Arcabit Trojan.Generic.D4332A3F
ZoneAlarm Trojan.Win32.Penguish.wn
GData Win64.Trojan.Agent.0A4TRV
AhnLab-V3 Malware/Win.Malware-gen.C5544356
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win64.LUMMASTEALER.YXDKRZ
Rising Downloader.Rugmi!8.11816 (CLOUD)
Ikarus Trojan-Downloader.Win64.Rugmi
Fortinet W64/Rugmi.T!tr.dldr
AVG Win64:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)