Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 16, 2024, 7:55 a.m.	Jan. 16, 2024, 7:59 a.m.

Size	273.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`95f70460434d32448cfb8e78e77edb14`
SHA256	`28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a`
CRC32	`169BC447`
ssdeep	`3072:yRxm2/NDzdE3AlymGqo8bMufXYcNEFyxWvdOD5oF1KDsBTgn:yRxd/NDzmMymFBbMuDeFyxSpPUsBT`
PDB Path	C:\sucoxap14\worifix\nacotofeyiju.pdb
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature

2-3-1_2023-12-14_13-35.exe "C:\Users\test22\AppData\Local\Temp\2-3-1_2023-12-14_13-35.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\sucoxap14\worifix\nacotofeyiju.pdb

resource name	CUTETUMIVE
resource name	PUNELIXUXIZINOPAZEYENUGOYEG
resource name	XAYOCEKOCOJOWOCIMELANON

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 16, 2024, 7:55 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002bc000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Jan. 16, 2024, 7:55 a.m.	process_identifier: 2556 region_size: 90112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0001f000', u'virtual_address': u'0x00001000', u'entropy': 7.449096209833163, u'name': u'.text', u'virtual_size': u'0x0001eef0'}

entropy

7.44909620983

description

A section with a high entropy has been found

entropy

0.455882352941

description

Overall entropy of this PE file is high

2-3-1_2023-12-14_13-35.exe