Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 11, 2023, 7:15 p.m.	Dec. 11, 2023, 7:18 p.m.

Size	4.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`294deb3dae4f4f961bf3888733b20ef5`
SHA256	`e0cd659c4307cfa1ae3e1258e6af8cbee2b38f1b02a39c1a18656c7d48e1008e`
CRC32	`0AE2B5CA`
ssdeep	`49152:RmJsE4EM5yU4RGOLHAy3sqTXc52em3+mznD9yZ6rUVwYZQjP1YU102BrkJlU4u0w:RmJ+52jLH3sqTswZfrxYqxkJB/g2vhY`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Dec. 11, 2023, 7:15 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Dec. 11, 2023, 7:15 p.m.	computer_name: TEST22-PC	1	1	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 11, 2023, 7:15 p.m.		1	1	0

packer

Armadillo v1.71

resource name	RFR
resource name	None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Dec. 11, 2023, 7:15 p.m.	process_identifier: 1668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory Dec. 11, 2023, 7:15 p.m.	process_identifier: 1668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 73728 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74321000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x001e9000', u'virtual_address': u'0x0031e000', u'entropy': 7.559718005314705, u'name': u'.rsrc', u'virtual_size': u'0x001e856c'}

entropy

7.55971800531

description

A section with a high entropy has been found

entropy

0.460018814675

description

Overall entropy of this PE file is high

Controlbackup.exe