Summary | ZeroBOX

movie.exe

Malicious Library PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Jan. 8, 2024, 7:41 a.m.
Completed: Jan. 8, 2024, 7:44 a.m.
Size 448.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bc7963a7d0a8b745e704d22bbc2c3e03
SHA256 e46cf506bfb4234c04ff59e043986e5a3b2ff8fa04c316aefdc0d0c0e72a2c18
CRC32 1E0CEAC7
ssdeep 6144:nC5hyUR+MhyfUj6qfovXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BovmID/mQmpMcmSSIU16XE2e5L
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .textbss
packer Armadillo v1.71
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 61440
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02d90000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76f56000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4132864
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02d9f000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0