Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 15, 2023, 6:58 p.m.	Dec. 15, 2023, 7 p.m.

Size	760.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f89eaa7fbb0a8b2e24ad2671d833b15f`
SHA256	`38e73fb4a7a7f2db4050786998e0ddf0796666697161c3ea01ce3a0739216dd6`
CRC32	`ABCF6CAD`
ssdeep	`12288:144M2HpWtxkR9X+iQsN4hfqqxtATOAsRgK+hdqoxdow9Rmlcw5WBUod:1/mQ9OmMqqrASMfvTn6cd`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature VMProtect_Zero - VMProtect packed file

2.exe "C:\Users\test22\AppData\Local\Temp\2.exe"
292

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.vmp0
section	.vmp1
section	wnnstpm

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	TEXTINCLUDE
resource name	WAVE

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ Dec. 15, 2023, 6:58 p.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x745976de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x7564fb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x74597600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x7564fcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x7564fd36 2+0x157601 @ 0x557601 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x74423f46 registers.esp: 1634728 registers.edi: 0 registers.eax: 1950498630 registers.ebp: 1634768 registers.edx: 0 registers.ebx: 0 registers.esi: 1950498630 registers.ecx: 10292584	1
__exception__ Dec. 15, 2023, 6:58 p.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x745976de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x7564fb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x74597600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x7564fcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x7564fd36 2+0x157601 @ 0x557601 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x74423f46 registers.esp: 1634728 registers.edi: 0 registers.eax: 1950498630 registers.ebp: 1634768 registers.edx: 0 registers.ebx: 0 registers.esi: 1950498630 registers.ecx: 10292584	1
__exception__ Dec. 15, 2023, 6:58 p.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x750b964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x750a4d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x750a6f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x750ae825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x750a6002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x750a5fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x750a49e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x750a5a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x778d9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25 0x444dfc4b RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x750d3ef4 registers.esp: 1637640 registers.edi: 0 registers.eax: 7336600 registers.ebp: 1637668 registers.edx: 1 registers.ebx: 0 registers.esi: 7839304 registers.ecx: 1950365052	1

Time & API

Arguments

Status

Return

Repeated

__exception__

Dec. 15, 2023, 6:58 p.m.

stacktrace:

GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x745976de
MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x7564fb9e
New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x74597600
MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x7564fcf1
MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x7564fd36
2+0x157601 @ 0x557601

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x74423f46
registers.esp: 1634728
registers.edi: 0
registers.eax: 1950498630
registers.ebp: 1634768
registers.edx: 0
registers.ebx: 0
registers.esi: 1950498630
registers.ecx: 10292584

__exception__

Dec. 15, 2023, 6:58 p.m.

stacktrace:

GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x745976de
MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x7564fb9e
New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x74597600
MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x7564fcf1
MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x7564fd36
2+0x157601 @ 0x557601

__exception__

Dec. 15, 2023, 6:58 p.m.

stacktrace:

CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x750b964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x750a4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x750a6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x750ae825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x750a6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x750a5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x750a49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x750a5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x778d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25
0x444dfc4b
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x750d3ef4
registers.esp: 1637640
registers.edi: 0
registers.eax: 7336600
registers.ebp: 1637668
registers.edx: 1
registers.ebx: 0
registers.esi: 7839304
registers.ecx: 1950365052

Foreign language identified in PE resource (50 out of 56 events)

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011e410

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011e410

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011e410

size

0x00000151

name

WAVE

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011e564

size

0x00001448

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011ff30

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011ff30

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011ff30

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011ff30

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011ff30

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0011ff30

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001216b8

size

0x00000144

name

RT_MENU

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00121808

size

0x00000284

name

RT_MENU

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00121808

size

0x00000284

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_DIALOG

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00122a50

size

0x0000018c

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00123498

size

0x00000024

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0012350c

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0012350c

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0012350c

size

0x00000022

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00071000', u'virtual_address': u'0x00128000', u'entropy': 7.926577900156289, u'name': u'.vmp1', u'virtual_size': u'0x00071000'}

entropy

7.92657790016

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00008000', u'virtual_address': u'0x00199000', u'entropy': 7.267538429540369, u'name': u'.reloc', u'virtual_size': u'0x00008000'}

entropy

7.26753842954

description

A section with a high entropy has been found

entropy

0.640211640212

description

Overall entropy of this PE file is high

The executable is likely packed with VMProtect (2 events)

section	.vmp0				description	Section name indicates VMProtect
section	.vmp1				description	Section name indicates VMProtect

2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All