Summary | ZeroBOX

launcher

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Dec. 24, 2023, 12:46 p.m.
Completed Dec. 24, 2023, 12:50 p.m.
Size 16.0MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c6a1ab972148e30f1da590a43b107411
SHA256 749c1035385ed05bbcf4100bf8411c0354bd4804147aeac0c68829e6bb7a1dc2
CRC32 43654F9D
ssdeep 393216:XyFwUPSKpwj4H5QWdUjqxT3g5wThwWRxjqKHGo0dI:WwypGsHGWdUjq93g4hjbjqdo0dI
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section _RDATA
section .[HU
section .?wn
section .t6Q
resource name THEME
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
launcher+0x173dec2 @ 0x140f7dec2
launcher+0x7dce28 @ 0x14001ce28
0x7fffffd0100

exception.instruction_r: 90 53 e8 1a b8 e6 ff e8 8b 57 f9 ff 9d 0f 31 90
exception.symbol: launcher+0x173dec2
exception.instruction: nop
exception.module: launcher.exe
exception.exception_code: 0x80000004
exception.offset: 24370882
exception.address: 0x140f7dec2
registers.r14: 0
registers.r15: 0
registers.rcx: 3735929054
registers.rsi: 0
registers.r10: 43840
registers.rbx: 0
registers.rsp: 2816496
registers.r11: 5369025911
registers.r8: 82
registers.r9: 655420
registers.rdx: 79
registers.r12: 0
registers.rbp: 2816512
registers.rdi: 0
registers.rax: 319566729
registers.r13: 0
Status 1, Return 0, Repeated 0

__exception__

stacktrace:
RtlIsDosDeviceName_U+0x15a97 NtdllDialogWndProc_A-0x18cd5 ntdll+0x6f517 @ 0x7772f517
VerSetConditionMask+0x7f4 DbgPrint-0xcc ntdll+0x157c4 @ 0x776d57c4
RtlDecodePointer+0xbd NtdllDefWindowProc_W-0x139f ntdll+0x29d0d @ 0x776e9d0d
RtlUnwindEx+0xbbf RtlRaiseException-0x3b1 ntdll+0x191af @ 0x776d91af
New_ntdll_RtlDispatchException+0x154 New_ntdll_RtlRemoveVectoredContinueHandler-0x33 @ 0x749b6df1
KiUserExceptionDispatcher+0x2e KiRaiseUserExceptionDispatcher-0x45 ntdll+0x51278 @ 0x77711278
launcher+0x173dec2 @ 0x140f7dec2

exception.instruction_r: 48 8b 01 48 89 86 f8 00 00 00 48 8d 41 08 48 89
exception.symbol: RtlIsDosDeviceName_U+0x15a97 NtdllDialogWndProc_A-0x18cd5 ntdll+0x6f517
exception.instruction: mov rax, qword ptr [rcx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 455959
exception.address: 0x7772f517
registers.r14: 32938349013763329
registers.r15: 32374849304396929
registers.rcx: 2949120
registers.rsi: 35192347851228929
registers.r10: 0
registers.rbx: 35755847560595329
registers.rsp: 2819200
registers.r11: 8791771934720
registers.r8: 2004821056
registers.r9: 1958453248
registers.rdx: 2807768
registers.r12: 34065348432496129
registers.rbp: 0
registers.rdi: 34628848141862529
registers.rax: 0
registers.r13: 33501848723129729
Status 1, Return 0, Repeated 0
section .t6Q (size_of_data 0x00fec000, virtual_address 0x007a8000, virtual_size 0x00febf38) entropy 7.997664448729661 description A section with a high entropy has been found
section .rsrc (size_of_data 0x0000de00, virtual_address 0x01796000, virtual_size 0x007e2910) entropy 7.974557100747766 description A section with a high entropy has been found
entropy 0.999389107792 description Overall entropy of this PE file is high