Summary | ZeroBOX

windows_amd64.exe

Tags: UPX, PE64, PE File

Category  Machine        Started                   Completed
FILE      s1_win7_x6401  Nov. 27, 2023, 9:23 a.m.  Nov. 27, 2023, 9:34 a.m.
Size 5.5MB
Type MS-DOS executable, MZ for MS-DOS
MD5 42da12e3d8a9fc15574df76234e52b57
SHA256 92861d308868768a377ebb1fdb48b4deea12c4dac8d81bea45af97bedb9f2458
CRC32 CF21FB56
ssdeep 98304:Lsuw43LC1ApsT/uEz4g9DT3V0Wn9BbxP+PR+UzqnTFWisVljt7JYGJtmU:Lrw43u1AnEzp359LP+PRVcWPVVtZLv
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch
45.77.97.135   Active  Moloch

Suricata Alerts

Flow                                          SID      Signature                                             Category
TCP 192.168.56.101:49164 -> 45.77.97.135:443  2260002  SURICATA Applayer Detect protocol only one direction  Generic Protocol Command Decode
TCP 192.168.56.101:49165 -> 45.77.97.135:443  2260002  SURICATA Applayer Detect protocol only one direction  Generic Protocol Command Decode
TCP 192.168.56.101:49162 -> 45.77.97.135:443  2260002  SURICATA Applayer Detect protocol only one direction  Generic Protocol Command Decode

Three outbound connections to 45.77.97.135:443. SID 2260002 is a Suricata app-layer decoder event, not a threat signature: it fires when the application protocol (here, TLS on port 443) was recognised in only one direction of the flow, which is consistent with no TLS session being recorded in the section below.

Suricata TLS

No Suricata TLS

Time & API            Arguments   Status  Return  Repeated
GetAdaptersAddresses  flags: 16   1       0       0
                      family: 0

flags 16 is GAA_FLAG_INCLUDE_PREFIX and family 0 is AF_UNSPEC, so the call enumerates every adapter's IPv4 and IPv6 addresses and prefixes; return 0 is ERROR_SUCCESS.
Signatures
  • A section with a high entropy has been found: UPX1 (virtual_address 0x00d83000, virtual_size 0x00579000, size_of_data 0x00578c00), entropy 7.91 bits/byte
  • Overall entropy of this PE file is high: 0.99991 (the fraction of section data that lies in high-entropy sections; UPX0 holds no raw data, so almost the whole 5.5MB file is the compressed UPX1 payload)
  • Section name indicates UPX: UPX0
  • Section name indicates UPX: UPX1
  • Section name indicates UPX: UPX2
  • host 45.77.97.135
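The three packer marks above come from per-section Shannon entropy plus a ratio of high-entropy section data to total section data. The following is an added example, not ZeroBOX or Cuckoo code: it recomputes those marks from section metadata and can derive that metadata from raw section bytes. The 6.8 bits/byte and 0.2 thresholds are assumptions modelled on Cuckoo's packer_entropy signature, and the UPX2 raw size (0x200) and entropy (2.0) are assumed values the report does not state; with them the ratio reproduces the reported 0.99991.

```python
# Added example (not ZeroBOX/Cuckoo code): recompute the report's entropy-based
# packer marks from section metadata, or from raw section bytes.
from __future__ import annotations

import math
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds, modelled on Cuckoo's packer_entropy signature; ZeroBOX may differ.
SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte
OVERALL_RATIO_THRESHOLD = 0.2     # fraction of section data in high-entropy sections
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class Section:
    name: str
    size_of_data: int   # raw (on-disk) size of the section
    entropy: float


def sections_from_bytes(blobs: dict[str, bytes]) -> list[Section]:
    """Build Section records from raw section contents (e.g. as read with pefile)."""
    return [Section(name, len(data), shannon_entropy(data)) for name, data in blobs.items()]


def packer_findings(sections: list[Section]) -> dict:
    """Apply the three packer heuristics seen in the report and return their marks."""
    high = [s for s in sections if s.entropy > SECTION_ENTROPY_THRESHOLD]
    total = sum(s.size_of_data for s in sections)
    compressed = sum(s.size_of_data for s in high)
    ratio = compressed / total if total else 0.0
    marks = [f"A section with a high entropy has been found: {s.name} ({s.entropy:.2f} bits/byte)"
             for s in high]
    if ratio > OVERALL_RATIO_THRESHOLD:
        marks.append(f"Overall entropy of this PE file is high: {ratio:.6f}")
    marks += [f"Section name indicates UPX: {s.name}" for s in sections if s.name in UPX_SECTION_NAMES]
    return {"high_entropy_sections": [s.name for s in high], "overall_ratio": ratio, "marks": marks}


# Section metadata for this sample. UPX1 is as reported; UPX0 has no raw data (the usual
# UPX layout); UPX2's raw size and entropy are assumptions, not values from the report.
REPORTED_SECTIONS = [
    Section("UPX0", 0x0, 0.0),
    Section("UPX1", 0x00578c00, 7.910356740969712),
    Section("UPX2", 0x200, 2.0),
]

# Constructed input: one constant-filled section and one cycling through all 256 byte values.
CONSTRUCTED_BLOBS = {".text": b"\x00" * 4096, ".rsrc": bytes(range(256)) * 16}

if __name__ == "__main__":
    for mark in packer_findings(REPORTED_SECTIONS)["marks"]:
        print(mark)
    print(packer_findings(sections_from_bytes(CONSTRUCTED_BLOBS)))
```

On a real file, feed `sections_from_bytes` a mapping of section name to `get_data()` output from pefile; the ratio check is what keeps a single small high-entropy `.rsrc` (icons, embedded certificates) from tripping the "overall" mark on an unpacked binary.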
Time & API              Arguments                             Status  Return  Repeated
LdrGetProcedureAddress  ordinal: 0                            -1073741511  0
                        function_address: 0x000007fefd6b7a50
                        function_name: wine_get_version
                        module: ntdll
                        module_address: 0x0000000076d30000

-1073741511 is NTSTATUS 0xC0000139 (STATUS_ENTRYPOINT_NOT_FOUND): a genuine ntdll exports no wine_get_version, so this lookup is a Wine/emulator check that came back negative on the Win7 analysis VM.
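Triage logic for the probe above, as an added example that is not part of the ZeroBOX report or the sample: it scans sandbox API-call records for lookups of Wine-only exports, decodes the logged signed return value back to its NTSTATUS, and states what the result tells the malware. The record shape (`api`, `arguments`, `return_value` with the NTSTATUS in `return_value`) follows the Cuckoo v2 behaviour log and is an assumption; the sample records are constructed from the calls shown on this page, and the Wine export list is a curated assumption.

```python
# Added example (not ZeroBOX/Cuckoo code): flag Wine/emulator probes in sandbox API logs.
from __future__ import annotations

# Exports that exist only under Wine; a genuine ntdll/kernel32 has none of them, so
# resolving one is a common "am I running in Wine?" probe. Curated list (assumption).
WINE_ONLY_EXPORTS = {
    "wine_get_version",
    "wine_get_build_id",
    "wine_get_host_version",
    "wine_nt_to_unix_file_name",
    "wine_get_unix_file_name",
}

RESOLVER_APIS = {"LdrGetProcedureAddress", "GetProcAddress"}

# The NTSTATUS codes relevant here (values from ntstatus.h).
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",
}


def decode_ntstatus(value: int) -> tuple[int, str | None]:
    """Map a sandbox-logged signed 32-bit return value to its NTSTATUS code and name."""
    code = value & 0xFFFFFFFF
    return code, NTSTATUS_NAMES.get(code)


def find_wine_probes(calls: list[dict]) -> list[dict]:
    """Return one finding per export-resolution call that targets a Wine-only symbol."""
    findings = []
    for call in calls:
        if call.get("api") not in RESOLVER_APIS:
            continue
        args = call.get("arguments", {})
        name = args.get("function_name", "")
        if name not in WINE_ONLY_EXPORTS:
            continue
        code, status_name = decode_ntstatus(int(call.get("return_value", 0)))
        failed = code >= 0xC0000000   # NTSTATUS severity bits 11 = error
        findings.append({
            "api": call["api"],
            "module": args.get("module"),
            "function_name": name,
            "ntstatus": f"0x{code:08X}",
            "ntstatus_name": status_name,
            "verdict": "probe failed: host is not Wine" if failed
                       else "probe succeeded: host looks like Wine",
        })
    return findings


# Constructed records modelled on the calls shown in this report (assumed log shape).
SAMPLE_CALLS = [
    {"api": "GetAdaptersAddresses", "arguments": {"flags": 16, "family": 0}, "return_value": 0},
    {"api": "LdrGetProcedureAddress",
     "arguments": {"ordinal": 0, "function_name": "wine_get_version", "module": "ntdll"},
     "return_value": -1073741511},
    {"api": "LdrGetProcedureAddress",
     "arguments": {"ordinal": 0, "function_name": "RtlGetVersion", "module": "ntdll"},
     "return_value": 0},
]

if __name__ == "__main__":
    for finding in find_wine_probes(SAMPLE_CALLS):
        print(finding)
```

A failed lookup is the interesting outcome for the analyst: it means the sample saw a real Windows and will continue, so later behaviour in the report is not suppressed by this check. A successful lookup would mean the sample believes it is under Wine and may take an exit path instead.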
Engine Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Marte.m!c
ClamAV Win.Exploit.Marte-10008109-0
FireEye Generic.Shellcode.Loader.Marte.X.E4454493
Skyhigh BehavesLike.Win64.Hacktool.tc
McAfee Artemis!42DA12E3D8A9
Malwarebytes Trojan.Packed.UPX
Sangfor Backdoor.Win32.Shellcode.Vh03
BitDefender Generic.Shellcode.Loader.Marte.X.E4454493
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of WinGo/Agent.RC
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Agent.myusks
Alibaba Ransom:Win64/BackdoorX.b974e4fe
MicroWorld-eScan Generic.Shellcode.Loader.Marte.X.E4454493
Rising Backdoor.Agent!8.C5D (CLOUD)
Sophos Mal/Swrort-Y
F-Secure Trojan.TR/Redcap.perlu
VIPRE Generic.Shellcode.Loader.Marte.X.E4454493
Emsisoft Generic.Shellcode.Loader.Marte.X.E4454493 (B)
Ikarus Trojan.WinGo.Crypt
GData Win64.Packed.Shellcode.C
Jiangmin Backdoor.Agent.mji
Google Detected
Avira TR/Redcap.perlu
MAX malware (ai score=87)
Arcabit Generic.Shellcode.Loader.Marte.X.ED43F85D
ZoneAlarm Backdoor.Win32.Agent.myusks
Microsoft Trojan:Win32/Wacatac.B!ml
Varist W64/Agent.FXW.gen!Eldorado
ALYac Generic.Shellcode.Loader.Marte.X.E4454493
DeepInstinct MALICIOUS
TrendMicro-HouseCall TROJ_GEN.R002H0CK623
Tencent Win32.Backdoor.Agent.Ckjl
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG Win64:BackdoorX-gen [Trj]
Avast Win64:BackdoorX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)