Summary | ZeroBOX


UPX Downloader PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Nov. 30, 2023, 9:04 a.m.
Completed: Nov. 30, 2023, 9:06 a.m.
Size: 525.6KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 45ae0455fdcb1ceb6e1d3eed8ba7ffaf
SHA256: 40443a173109769738ac141017ad4e51dee33603d7f22f4f2dd8863b892d9ad4
CRC32: 1B21CE82
ssdeep: 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7jo:4thTiP+ffCfB5Lf0F7Z1E7jo
Yara
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x750b964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x750a4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x750a6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x750ae825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x750a6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x750a5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x750a49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x750a5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x778d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25
1+0xb1c49 @ 0x4b1c49
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x750d3ef4
registers.esp: 1637492
registers.edi: 0
registers.eax: 8581776
registers.ebp: 1637520
registers.edx: 1
registers.ebx: 0
registers.esi: 6876304
registers.ecx: 1948530044
Status: 1 Return: 0 Repeated: 0
section UPX1 (size_of_data 0x0006e000, virtual_address 0x000d6000, virtual_size 0x0006e000, entropy 7.925503321389109) entropy 7.92550332139 description A section with a high entropy has been found
entropy 0.848601735776 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav: W32.AIDetectMalware
Skyhigh: Artemis
McAfee: Artemis!45AE0455FDCB
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Antiy-AVL: Trojan/Win32.Agent
Gridinsoft: Trojan.Win32.Agent.sa
VBA32: Trojan.Bitrep
Cylance: unsafe
Rising: Trojan.Generic@AI.85 (RDML:4uxE6YDLDIEKGf2Z+q9EUA)
MaxSecure: Trojan.Malware.220148355.susgen