Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 3, 2024, 7:38 a.m.	Jan. 3, 2024, 7:43 a.m.

Size	593.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`85215c82405b536a3b55105bb3fe361a`
SHA256	`141262cbd24e43f4c8911c32896fe6c1f0f5e171e8e6e6bd26a24a7bfde0dcd0`
CRC32	`C7A760E8`
ssdeep	`12288:+jy9rdsHeEpuV/xS90ngivnqqbJ1/l/oWzDC:5dsHeEpuVk6guqo19wiD`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

ioot.exe "C:\Users\test22\AppData\Local\Temp\ioot.exe"
1684

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

TEXTINCLUDE

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Jan. 3, 2024, 7:38 a.m.	stacktrace: ioot+0x1175 @ 0x401175 ioot+0x102f @ 0x40102f ioot+0x1ddb0 @ 0x41ddb0 ioot+0x13425 @ 0x413425 exception.instruction_r: f3 a4 5f 5e c3 90 90 90 90 90 90 90 90 90 90 90 exception.symbol: ioot+0x1256c exception.instruction: movsb byte ptr es:[edi], byte ptr [esi] exception.module: ioot.exe exception.exception_code: 0xc0000005 exception.offset: 75116 exception.address: 0x41256c registers.esp: 1637252 registers.edi: 7224400 registers.eax: 7224392 registers.ebp: 1637572 registers.edx: 2 registers.ebx: 4208864 registers.esi: 2154729384 registers.ecx: 2	1	0	0

Foreign language identified in PE resource (38 events)

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bfa28

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bfa28

size

0x00000151

name

TEXTINCLUDE

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bfa28

size

0x00000151

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bff18

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bff18

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bff18

size

0x000000b4

name

RT_CURSOR

language

LANG_CHINESE

filetype

empty

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000bff18

size

0x000000b4

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x000c1620

size

0x00000144

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109bc8

size

0x00000024

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c14

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c14

size

0x00000022

name

RT_GROUP_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109c14

size

0x00000022

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109cb4

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109cb4

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00109cb4

size

0x00000014

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0004b800', u'virtual_address': u'0x000c1000', u'entropy': 7.929383874554713, u'name': u'UPX1', u'virtual_size': u'0x0004c000'}

entropy

7.92938387455

description

A section with a high entropy has been found

entropy

0.510135135135

description

Overall entropy of this PE file is high

The executable is compressed using UPX (2 events)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Multi.Generic.lt2b
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Multi
Skyhigh	BehavesLike.Win32.Generic.hc
ALYac	Trojan.GenericKD.70985321
Cylance	unsafe
VIPRE	Trojan.GenericKD.70985321
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005246d51 )
BitDefender	Trojan.GenericKD.70985321
K7GW	Trojan ( 005246d51 )
Cybereason	malicious.da4c4a
Arcabit	Trojan.Generic.D43B2669
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.FlyStudio.ED
APEX	Malicious
McAfee	Artemis!85215C82405B
Avast	Win32:Malware-gen
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Trojan.Win32.Wsgame.kgcopq
MicroWorld-eScan	Trojan.GenericKD.70985321
Rising	Downloader.FlyStudio!8.5E9 (CLOUD)
Emsisoft	Application.Generic (A)
DrWeb	Trojan.PWS.Wsgame.57578
TrendMicro	TROJ_GEN.R002C0GA124
Trapmine	malicious.high.ml.score
FireEye	Trojan.GenericKD.70985321
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.QQWare
Google	Detected
MAX	malware (ai score=85)
Antiy-AVL	Trojan[Packed]/Win32.FlyStudio
Gridinsoft	Ransom.Win32.Wacatac.sa
Microsoft	Trojan:Win32/Caynamer.A!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Win32.Trojan.PSE.192BHS8
Varist	W32/Trojan.CLL.gen!Eldorado
BitDefenderTheta	Gen:NN.ZexaF.36608.LmGfayJZNvab
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Emotet
Malwarebytes	MachineLearning/Anomalous.94%
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0GA124
Yandex	Trojan.GenAsa!ZU78ump4sm8
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.PHP!tr
AVG	Win32:Malware-gen

ioot.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All