Summary | ZeroBOX

loader.exe

Malicious Packer PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Jan. 4, 2024, 10:47 a.m.
Completed Jan. 4, 2024, 10:49 a.m.
Size 19.4MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 099181592db185c539594ecf3053f52d
SHA256 51745628d4c34c4b7fc4da7451ef6ca27fdeb2183423be4cc44dc67400184196
CRC32 A4C3E94D
ssdeep 393216:FPl7+tvhQO0gdCuE111+FZoQQ1CdjgP1RvtaWjBMrgROI0O9rgtBzb6:GtvhQ4d2+FZoeZ61R1fjWgROIZ9rgtBC
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • themida_packer - themida packer

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section
section .themida
section .boot
section (name: single space) virtual_address 0x00001000 virtual_size 0x000da22c size_of_data 0x0007f400 entropy 7.9784 description A section with a high entropy has been found
section (name: single space) virtual_address 0x000dc000 virtual_size 0x0005afce size_of_data 0x0002f000 entropy 7.9779 description A section with a high entropy has been found
section (name: single space) virtual_address 0x00137000 virtual_size 0x000042d0 size_of_data 0x00002a00 entropy 7.8639 description A section with a high entropy has been found
section (name: single space) virtual_address 0x0013c000 virtual_size 0x000098f4 size_of_data 0x00005e00 entropy 7.5665 description A section with a high entropy has been found
section (name: single space) virtual_address 0x00147000 virtual_size 0x00000e64 size_of_data 0x00000800 entropy 7.5235 description A section with a high entropy has been found
section .boot virtual_address 0x01ec9000 virtual_size 0x012a6800 size_of_data 0x012a6800 entropy 7.9584 description A section with a high entropy has been found
entropy 0.999822752163 description Overall entropy of this PE file is high
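The six "high entropy" hits and the "Overall entropy" line above come from a static section-entropy check. The following is an added example, not ZeroBOX or Cuckoo code: it walks the PE section table by hand (no pefile dependency), computes Shannon entropy per section, flags blank section names (the five unnamed sections above have a single-space name, consistent with the themida_packer hit), and reports an overall figure. That overall figure is treated here as the share of section bytes that live in high-entropy sections: the six flagged sections total 20306944 bytes, and 20306944 / 0.999822752163 is about 20310544, a plausible total for all section data, so the report's 0.9998 reads as such a ratio rather than a byte-level entropy of the whole file. That reading, the thresholds (7.0 bits/byte per section, 0.9 overall) and the inline sample PE are assumptions of this example.

```python
"""Per-section and whole-file entropy check of the kind behind the
"high entropy" lines above. Added example, not ZeroBOX/Cuckoo code: the PE
section table is parsed by hand (no pefile), and the sample PE is constructed."""
import hashlib
import math
import struct
import sys
from collections import Counter

SECTION_THRESHOLD = 7.0  # assumed: bits/byte above which a section is reported
OVERALL_THRESHOLD = 0.9  # assumed: share of section bytes in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """DOS header -> PE signature -> COFF header -> section table.
    Returns (is_pe64, sections); raises ValueError on a malformed header."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    magic = struct.unpack_from("<H", pe, coff + 20)[0]  # 0x20b = PE32+
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize]  # comes back short if the header overstates the size
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rsize, "entropy": shannon_entropy(raw)})
    return magic == 0x20B, sections


def entropy_findings(pe: bytes):
    """Return (is_pe64, overall ratio, list of finding strings)."""
    is_pe64, sections = parse_sections(pe)
    findings = []
    for s in sections:
        if s["entropy"] > SECTION_THRESHOLD:
            findings.append(f"section {s['name']!r} at {s['virtual_address']:#010x}: "
                            f"entropy {s['entropy']:.3f} (high)")
        if not s["name"].strip():  # blank names, as in the unnamed sections of the report
            findings.append(f"section at {s['virtual_address']:#010x}: blank name")
    total = sum(s["size_of_data"] for s in sections)
    packed = sum(s["size_of_data"] for s in sections if s["entropy"] > SECTION_THRESHOLD)
    overall = packed / total if total else 0.0  # assumed reading of the "Overall entropy" line
    if overall > OVERALL_THRESHOLD:
        findings.append(f"overall entropy {overall:.4f} (high)")
    return is_pe64, overall, findings


def pseudo_random_bytes(n: int, seed: bytes = b"seed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(section_specs) -> bytes:
    """Build a minimal PE32+ from (name, data) pairs: constructed test input, not runnable."""
    size_opt = 240  # PE32+ optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_specs), 0, 0, 0, size_opt, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (size_opt - 2)
    sec_hdrs, blobs, rptr, rva = b"", b"", 0x200, 0x1000  # raw data starts at file offset 0x200
    for name, data in section_specs:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0")[:8], len(data), rva,
                                len(data), rptr, 0, 0, 0, 0, 0x60000020)
        blobs, rptr, rva = blobs + data, rptr + len(data), rva + ((len(data) + 0xFFF) & ~0xFFF)
    headers = dos + b"PE\0\0" + coff + opt + sec_hdrs
    if len(headers) > 0x200:
        raise ValueError("too many sections for the fixed 0x200 header area")
    return headers + b"\0" * (0x200 - len(headers)) + blobs


# Constructed sample: an unnamed high-entropy section, a plain .text of two repeated
# opcodes, and a high-entropy .boot, mirroring the section names in the report.
SAMPLE_PE = build_sample_pe([(b" ", pseudo_random_bytes(4096)),
                             (b".text", b"\x90" * 4096 + b"\xcc" * 4096),
                             (b".boot", pseudo_random_bytes(4096, b"boot"))])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    is_pe64, overall, findings = entropy_findings(data)
    print(f"PE64: {is_pe64}  overall: {overall:.4f}")
    for line in findings:
        print(" ", line)
```

Run it with a path to a PE to get the same kind of listing as above; with no argument it analyses the constructed sample, where half of the section bytes are high-entropy, so the overall ratio is 0.5 and only the two packed-looking sections and the blank name are reported.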
Bkav W64.AIDetectMalware
Lionic Trojan.Win64.Agentb.trtl
Cynet Malicious (score: 100)
Skyhigh Artemis
McAfee Artemis!099181592DB1
Cylance unsafe
Sangfor Packer.Win32.Themida.swycg
Cybereason malicious.00ed7c
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win64/Packed.Themida.Q suspicious
APEX Malicious
Avast Win64:TrojanX-gen [Trj]
FireEye Generic.mg.099181592db185c5
Sophos Mal/Generic-S
Google Detected
Antiy-AVL Trojan[Packed]/Win64.Themida
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win32/Wacatac.B!ml
GData Win64.Trojan.Agent.N0DZOZ
Varist W64/Trojan.GKA.gen!Eldorado
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/Application
AVG Win64:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)