Summary | ZeroBOX

wai3.exe

Tags Malicious Packer, UPX, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started Dec. 14, 2023, 6:48 p.m.
Completed Dec. 14, 2023, 7:11 p.m.
Size 612.9KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 07eba257f3c68d1effd1704ad3bdf746
SHA256 3308965802e98b741b4746e70b353c4e4b264d624ac7d9bfba531f90caa30c73
CRC32 993D7787
ssdeep 6144:PPIDLr6Dnmo5GpdCcmA2S+LKnkpL2Rut2pKVuYiElHyAiv3ZGR6rSTY+x8mogOKn:PPIPr6J2EuFkMIooIb/vRybxBpCO
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
113.52.134.114 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 106496 (0x1a000)
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00000000003e0000
process_handle: 0xffffffffffffffff (the -1 pseudo-handle, i.e. the process changing the protection of its own memory)
Status 1 Return 0 Repeated 0
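The protection change above (106496 bytes at 0x3e0000 set to PAGE_EXECUTE_READ in the process's own address space, with the sandbox's heap_dep_bypass flag set) is the shape a shellcode loader leaves after writing a payload into a writable allocation and then flipping it to executable. The following Python is an added triage example, not ZeroBOX or Cuckoo code: it walks a list of call records that use the argument names shown on this page and reports successful NtProtectVirtualMemory calls that make a region of non-trivial size executable. The record wrapper keys ("api", "status", "return", "arguments"), the 0x1000 minimum size and the comparison records are assumptions constructed for the demo; the first sample record copies the values from the report above.

```python
"""Triage helper for sandbox API-call records like the NtProtectVirtualMemory entry above.

Added example, not ZeroBOX/Cuckoo code. Argument names (process_identifier, length,
protection, base_address, process_handle, heap_dep_bypass, ...) are those on the page;
the record wrapper keys and the sample records are assumptions constructed for the demo.
"""

# Memory-protection constants from winnt.h
PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY = 0x01, 0x02, 0x04, 0x08
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
PAGE_GUARD = 0x100  # modifier bit: the page traps on first touch, it is not usable memory yet

PROTECTION_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITABLE_EXEC = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = {-1, 0xffffffff, 0xffffffffffffffff}  # NtCurrentProcess() pseudo-handle, 32/64-bit


def protection_name(value: int) -> str:
    """Name of the base protection, ignoring modifier bits (PAGE_GUARD, PAGE_NOCACHE, ...)."""
    return PROTECTION_NAMES.get(value & 0xFF, f"0x{value:x}")


def find_exec_protect(calls, min_length=0x1000):
    """Return successful NtProtectVirtualMemory calls that make >= min_length bytes executable.

    Guard pages are skipped: PAGE_GUARD | PAGE_EXECUTE_* is a trap, not runnable code.
    """
    hits = []
    for call in calls:
        if call.get("api") != "NtProtectVirtualMemory" or not call.get("status"):
            continue
        args = call["arguments"]
        prot = args["protection"]
        if not (prot & 0xFF) & EXECUTABLE or prot & PAGE_GUARD:
            continue
        if args["length"] < min_length:
            continue
        hits.append({
            "pid": args["process_identifier"],
            "base_address": args["base_address"],
            "length": args["length"],
            "protection": protection_name(prot),
            "self_process": args["process_handle"] in CURRENT_PROCESS,
            "heap_dep_bypass": bool(args.get("heap_dep_bypass", 0)),
            "writable_too": bool((prot & 0xFF) & WRITABLE_EXEC),  # RWX is the noisier variant
        })
    return hits


SAMPLE_CALLS = [
    # The call from the report above (values copied from the page)
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "arguments": {
        "process_identifier": 2560, "stack_dep_bypass": 0, "stack_pivoted": 0,
        "heap_dep_bypass": 1, "length": 106496, "protection": 0x20,
        "base_address": 0x3e0000, "process_handle": 0xffffffffffffffff}},
    # Constructed benign comparison: one page made read/write, no execute bit
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "arguments": {
        "process_identifier": 2560, "stack_dep_bypass": 0, "stack_pivoted": 0,
        "heap_dep_bypass": 0, "length": 4096, "protection": 0x04,
        "base_address": 0x400000, "process_handle": 0xffffffffffffffff}},
    # Constructed: executable guard page, must not be reported
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "arguments": {
        "process_identifier": 2560, "stack_dep_bypass": 0, "stack_pivoted": 0,
        "heap_dep_bypass": 0, "length": 4096, "protection": 0x20 | 0x100,
        "base_address": 0x500000, "process_handle": 0xffffffffffffffff}},
    # Constructed: unrelated API, ignored
    {"api": "GetAdaptersAddresses", "status": 1, "return": 111,
     "arguments": {"flags": 15, "family": 0}},
]


def triage(calls=SAMPLE_CALLS):
    """Print and return the flagged calls."""
    hits = find_exec_protect(calls)
    for h in hits:
        print(f"pid {h['pid']}: {h['length']:#x} bytes at {h['base_address']:#x} -> {h['protection']}"
              f" (self={h['self_process']}, heap_dep_bypass={h['heap_dep_bypass']}, rwx={h['writable_too']})")
    return hits


if __name__ == "__main__":
    triage()
```

On the page's record the check fires once: 0x1a000 bytes in the calling process itself become PAGE_EXECUTE_READ. The RW-then-RX sequence (rather than a single RWX page) is worth keeping as a separate field, since the two-step form is what evades the simplest "RWX allocation" rules.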
Time & API Arguments Status Return Repeated

GetAdaptersAddresses
flags: 15 (GAA_FLAG_SKIP_UNICAST | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_DNS_SERVER, i.e. adapter list only, no address lists)
family: 0 (AF_UNSPEC)
111 0 (two of the three Status/Return/Repeated columns as extracted; a return of 111 is ERROR_BUFFER_OVERFLOW, which this API gives when the caller's buffer is too small, the usual size-probing first call)
section .rdata: virtual_address 0x00009000, virtual_size 0x0001a3e0, size_of_data 0x0001a400, entropy 7.986596399719864
description: A section with a high entropy has been found
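The .rdata entropy of 7.9866 sits just under the 8.0 ceiling of Shannon entropy over bytes, which is how compressed or encrypted data scores and is consistent with the UPX_Zero Yara hit above. The following Python is an added example, not ZeroBOX or Cuckoo code, showing how a per-section check of this kind is computed: it parses a PE section table with struct and scores each section's raw data. The PE image is constructed in memory so the example runs offline; the section contents, the 7.0 threshold and the build_pe helper are assumptions for the demo (the sandbox's real cut-off is not stated on the page).

```python
"""Section-entropy check of the kind behind the signature above.

Added example, not ZeroBOX/Cuckoo code. Builds a minimal PE32+ image in memory
(constructed test data), parses its section table and computes Shannon entropy
per section. The 7.0 threshold is an assumption.
"""
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes):
    """Yield one record per section, using the field names of the report's section entry."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    for i in range(nsections):
        # First 24 of the 40 bytes of IMAGE_SECTION_HEADER are all we need
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        data = blob[rawptr:rawptr + rawsize]
        yield {
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize,
            "size_of_data": rawsize, "entropy": shannon_entropy(data),
        }


def high_entropy_sections(blob: bytes, threshold: float = 7.0):
    """Sections whose raw data scores above the (assumed) threshold."""
    return [s for s in pe_sections(blob) if s["entropy"] > threshold]


# ---- constructed test image (not the sample on this page) ----------------------
def _pseudo_random(n: int, seed: bytes = b"wai3") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_pe(sections, align=0x200, opt_size=0xF0):
    """Assemble a minimal PE32+ file from (name, raw_bytes) pairs; enough header for parsing only."""
    e_lfanew = 0x40
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    hdr_len = -(-hdr_len // align) * align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)  # PE32+ magic, rest zeroed
    table, body, rawptr, vaddr = b"", b"", hdr_len, 0x1000
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(raw), vaddr, len(raw), rawptr, 0, 0, 0, 0, 0x40000040)
        padded = raw + b"\0" * (-len(raw) % align)
        body += padded
        rawptr += len(padded)
        vaddr += -(-len(raw) // 0x1000) * 0x1000
    head = dos + b"PE\0\0" + coff + opt + table
    return head + b"\0" * (hdr_len - len(head)) + body


SAMPLE_PE = build_pe([
    (".text", bytes(range(16)) * 256),       # 16 equiprobable symbols: exactly 4.0 bits
    (".rdata", _pseudo_random(0x10000)),     # packed/encrypted-looking: close to 8.0 bits
])

if __name__ == "__main__":
    for s in pe_sections(SAMPLE_PE):
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:08x} entropy={s['entropy']:.4f}")
    print("high entropy:", [s["name"] for s in high_entropy_sections(SAMPLE_PE)])
```

Running it on a real file is the same call with `open(path, "rb").read()` in place of SAMPLE_PE. Note that entropy alone cannot tell a UPX-compressed section from an encrypted shellcode blob; it only says the bytes are not plain code or data, so pair the score with the section name, its characteristics and the unpacking behaviour seen at runtime.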
host: 113.52.134.114
dead_host: 113.52.134.114:443 (connection attempt to port 443 that received no response during the analysis window)
Vendor Result
Bkav W64.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Cylance unsafe
Sangfor Trojan.Win32.Save.a
BitDefender Trojan.GenericKD.70769360
Cybereason malicious.17d161
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/ShellcodeRunner.FH
APEX Malicious
Avast Win64:BackdoorX-gen [Trj]
Kaspersky Backdoor.Win64.Havoc.bmo
MicroWorld-eScan Trojan.GenericKD.70769360
Rising Backdoor.Havoc!8.970A (TFE:5:NEi201AYkVM)
Emsisoft Trojan.GenericKD.70769360 (B)
F-Secure Trojan.TR/Redcap.qdmtm
FireEye Generic.mg.07eba257f3c68d1e
Sophos Mal/Generic-S
Ikarus Trojan.PSLoader
Google Detected
Avira TR/Redcap.qdmtm
MAX malware (ai score=83)
Antiy-AVL Trojan/Win32.ShellcodeRunner
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/ScarletFlash.A
ZoneAlarm Backdoor.Win64.Havoc.bmo
GData Win64.Trojan.Agent.1LX0NW
DeepInstinct MALICIOUS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DLD23
Tencent Malware.Win32.Gencirc.11b9d02c
SentinelOne Static AI - Malicious PE
Fortinet W32/ShellcodeRunner.FH!tr
AVG Win64:BackdoorX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)