
perlo.exe

EnigmaProtector Malicious Packer UPX PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Jan. 13, 2024, 6:59 p.m. Jan. 13, 2024, 7:11 p.m.
Size 1.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 529534459e46a1deb637dae10c151bda
SHA256 25d02c9ff6e6dd4b9b268ee136e563ea47b412fdc3377f4e39edc2ee20758f1e
CRC32 E9620370
ssdeep 49152:zOXJUbOzKnWpQfTYenU/qwDjLpKAYAqcf:zTbOzKnWpUTYenU/5YAqS
Yara
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • EnigmaProtector_IN - EnigmaProtector

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
perlo+0x30c9d4 @ 0x3ac9d4
perlo+0x3165ad @ 0x3b65ad
perlo+0x4057ba @ 0x4a57ba

exception.instruction_r: 0f 0b e8 41 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: perlo+0x2645d0
exception.instruction: ud2
exception.module: perlo.exe
exception.exception_code: 0xc000001d
exception.offset: 2508240
exception.address: 0x3045d0
registers.esp: 11401124
registers.edi: 4874480
registers.eax: 0
registers.ebp: 11401152
registers.edx: 2
registers.ebx: 705219418
registers.esi: 2232320
registers.ecx: 39598228
1 0 0

__exception__

stacktrace:
perlo+0x30c9d4 @ 0x3ac9d4
perlo+0x3165ad @ 0x3b65ad
perlo+0x4057ba @ 0x4a57ba

exception.instruction_r: f7 f0 e8 6c 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: perlo+0x2645a5
exception.instruction: div eax
exception.module: perlo.exe
exception.exception_code: 0xc0000094
exception.offset: 2508197
exception.address: 0x3045a5
registers.esp: 11401124
registers.edi: 11401124
registers.eax: 0
registers.ebp: 11401152
registers.edx: 0
registers.ebx: 3163622
registers.esi: 0
registers.ecx: 11401160
1 0 0

__exception__

stacktrace:
perlo+0x30c9d4 @ 0x3ac9d4
perlo+0x3165ad @ 0x3b65ad
perlo+0x4057ba @ 0x4a57ba

exception.instruction_r: 0f 0b e8 41 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: perlo+0x2645d0
exception.instruction: ud2
exception.module: perlo.exe
exception.exception_code: 0xc000001d
exception.offset: 2508240
exception.address: 0x3045d0
registers.esp: 11401124
registers.edi: 11401124
registers.eax: 0
registers.ebp: 11401152
registers.edx: 2
registers.ebx: 3163579
registers.esi: 0
registers.ecx: 11401160
1 0 0

__exception__

stacktrace:
perlo+0x30c9d4 @ 0x3ac9d4
perlo+0x3165ad @ 0x3b65ad
perlo+0x4057ba @ 0x4a57ba

exception.instruction_r: 0f 0b e8 41 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: perlo+0x2645d0
exception.instruction: ud2
exception.module: perlo.exe
exception.exception_code: 0xc000001d
exception.offset: 2508240
exception.address: 0x3045d0
registers.esp: 11401124
registers.edi: 11401124
registers.eax: 0
registers.ebp: 11401152
registers.edx: 2
registers.ebx: 3163622
registers.esi: 0
registers.ecx: 11401160
1 0 0

__exception__

stacktrace:
perlo+0x30c9d4 @ 0x3ac9d4
perlo+0x3165ad @ 0x3b65ad
perlo+0x4057ba @ 0x4a57ba

exception.instruction_r: 0f 0b e8 41 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: perlo+0x2645d0
exception.instruction: ud2
exception.module: perlo.exe
exception.exception_code: 0xc000001d
exception.offset: 2508240
exception.address: 0x3045d0
registers.esp: 11401124
registers.edi: 11401124
registers.eax: 0
registers.ebp: 11401152
registers.edx: 2
registers.ebx: 3163622
registers.esi: 0
registers.ecx: 11401160
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00cb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02590000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00b90000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00bb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00bc0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02594000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 81920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025a4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025a4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025c4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025d4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025d4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 131072
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025d4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 81920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025f4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1932
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025c4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0007b000', u'virtual_address': u'0x00001000', u'entropy': 7.999496752057893, u'name': u'', u'virtual_size': u'0x0012d000'} entropy 7.99949675206 description A section with high entropy has been found
section {u'size_of_data': u'0x00014000', u'virtual_address': u'0x0012e000', u'entropy': 7.99561877063146, u'name': u'', u'virtual_size': u'0x0002c000'} entropy 7.99561877063 description A section with high entropy has been found
section {u'size_of_data': u'0x00000800', u'virtual_address': u'0x0015a000', u'entropy': 7.258704125524124, u'name': u'', u'virtual_size': u'0x00004000'} entropy 7.25870412552 description A section with high entropy has been found
section {u'size_of_data': u'0x00007200', u'virtual_address': u'0x0016a000', u'entropy': 7.992950406006598, u'name': u'', u'virtual_size': u'0x0000b000'} entropy 7.99295040601 description A section with high entropy has been found
section {u'size_of_data': u'0x0002fc00', u'virtual_address': u'0x00181000', u'entropy': 7.998739056460193, u'name': u'', u'virtual_size': u'0x0029d000'} entropy 7.99873905646 description A section with high entropy has been found
section {u'size_of_data': u'0x000f8800', u'virtual_address': u'0x0041e000', u'entropy': 7.978271594456091, u'name': u'.data', u'virtual_size': u'0x000f9000'} entropy 7.97827159446 description A section with high entropy has been found
entropy 0.974379940038 description The overall entropy of this PE file is high