Summary | ZeroBOX

1afd11ac-e4a1-428c-a564-7314ebd8796f

Gen1 Malicious Library ASPack UPX Anti_VM PE64 PE File OS Processor Check ZIP Format DLL
Category Machine Started Completed
FILE s1_win7_x6403_us Dec. 20, 2023, 7:46 a.m. Dec. 20, 2023, 7:52 a.m.
Size 13.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 125a5c30fd99f5f53b2914e9f6cf1627
SHA256 15548dc4aab59a1ecc65d7cbe37b2a6224e8be7682621e8f6b9ed851ab6f4e97
CRC32 B6DBFC91
ssdeep 393216:iiIE7YoSD2nwW+eGQRIMTozGxu8C0ibfz6e57Z1bmXdWCUI:L7rSDawW+e5R5oztZ026e5DkVUI
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • ASPack_Zero - ASPack packed file
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196974
registers.rcx: 196974
registers.rsi: 1
registers.r10: 196974
registers.rbx: 0
registers.rsp: 2980280
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 10065056
registers.rdi: 0
registers.rax: 2980384
registers.r13: 28
1 0 0
file C:\Users\test22\AppData\Local\Temp\_MEI20882\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\pywin32_system32\pywintypes312.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\libffi-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\VCRUNTIME140_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\libssl-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\libcrypto-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20882\python312.dll
section {u'size_of_data': u'0x0000f600', u'virtual_address': u'0x00046000', u'entropy': 7.554967714213718, u'name': u'.rsrc', u'virtual_size': u'0x0000f41c'} entropy 7.55496771421 description A section with a high entropy has been found