popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

build.exe

Gen1 Generic Malware Malicious Library Antivirus UPX Malicious Packer Anti_VM ftp PE File PE64 OS Processor Check wget DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Jan. 11, 2024, 7:33 a.m. Jan. 11, 2024, 7:35 a.m.
Size 10.7MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 1d5084678b97f142dc7c3ea12304cbb6
SHA256 60f351b0db70f792c111229211107802f70ca8e9ce8d6cf8c8d4cb397981d965
CRC32 E50D7FFB
ssdeep 196608:9sqcMiSLkjE70vlAVkQY+MLJulgX4weHwDauwcbHZOZhD:KBMiSLkg7mGVkN+MLAgoweHEaK1W
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1452
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004700000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\python3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\stub.exe
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\python310.dll
section {u'size_of_data': u'0x00a8e400', u'virtual_address': u'0x00036000', u'entropy': 7.99914374450434, u'name': u'.rsrc', u'virtual_size': u'0x00a8e3c0'} entropy 7.9991437445 description A section with a high entropy has been found
entropy 0.988206253428 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_2572_133494079860781250\stub.exe
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Nuitka.4!c
MicroWorld-eScan Gen:Variant.Tedy.498670
Skyhigh BehavesLike.Win64.Dropper.vc
McAfee Artemis!1D5084678B97
Malwarebytes Malware.AI.3899173217
Zillya Trojan.Agent.Win32.3784133
Alibaba Packed:Win64/Nuitka_AGen.2f30668b
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Python/Packed.Nuitka_AGen.U suspicious
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Tedy.498670
Avast Win64:Evo-gen [Trj]
Tencent Malware.Win32.Gencirc.10bf714a
Emsisoft Gen:Variant.Tedy.498670 (B)
VIPRE Gen:Variant.Tedy.498670
Sophos Mal/Generic-S
Ikarus PUA.Python.Nuitka
Webroot W32.Trojan.FL
Google Detected
Varist W64/ABRisk.GBSM-1675
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Troj.Undef.a
Microsoft Trojan:Win32/Znyonm
Gridinsoft Ransom.Win64.Sabsik.sa
Arcabit Trojan.Tedy.D79BEE
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Tedy.498670
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Evo-gen.R626445
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H07AA24
Rising Trojan.Znyonm!8.18A3A (CLOUD)
SentinelOne Static AI - Malicious PE
Fortinet Riskware/Application
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (D)