Summary | ZeroBOX

amer.exe

EnigmaProtector UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Jan. 17, 2024, 3:13 p.m.
Completed Jan. 17, 2024, 3:16 p.m.
Size 1.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b724b7b724854f8bcc44505303036f41
SHA256 d7d7fe29c6c71216afceb7185e7dbf5349b8626fa5dccfcff0c553002a206b32
CRC32 5B6A91AC
ssdeep 24576:LjV1Lcuz3wB/E3u1zYHoMw6fKD959IJoJNZJw8VWnhYUHLAy5Tyiz0:L/5e16U6A9593pDWOUrN5Tys0
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • EnigmaProtector_IN - EnigmaProtector

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: f7 f0 e8 6c 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535a5
exception.instruction: div eax
exception.module: amer.exe
exception.exception_code: 0xc0000094
exception.offset: 1389989
exception.address: 0xe435a5
registers.esp: 5504244
registers.edi: 16666864
registers.eax: 0
registers.ebp: 5504272
registers.edx: 0
registers.ebx: 1313506360
registers.esi: 14024704
registers.ecx: 40843528
1 0 0

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: f7 f0 e8 6c 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535a5
exception.instruction: div eax
exception.module: amer.exe
exception.exception_code: 0xc0000094
exception.offset: 1389989
exception.address: 0xe435a5
registers.esp: 5504244
registers.edi: 5504244
registers.eax: 0
registers.ebp: 5504272
registers.edx: 0
registers.ebx: 14955963
registers.esi: 0
registers.ecx: 5504280
1 0 0

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: f7 f0 e8 6c 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535a5
exception.instruction: div eax
exception.module: amer.exe
exception.exception_code: 0xc0000094
exception.offset: 1389989
exception.address: 0xe435a5
registers.esp: 5504244
registers.edi: 5504244
registers.eax: 0
registers.ebp: 5504272
registers.edx: 0
registers.ebx: 14955963
registers.esi: 0
registers.ecx: 5504280
1 0 0

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: f7 f0 e8 6c 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535a5
exception.instruction: div eax
exception.module: amer.exe
exception.exception_code: 0xc0000094
exception.offset: 1389989
exception.address: 0xe435a5
registers.esp: 5504244
registers.edi: 5504244
registers.eax: 0
registers.ebp: 5504272
registers.edx: 0
registers.ebx: 14955963
registers.esi: 0
registers.ecx: 5504280
1 0 0

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: 0f 0b e8 41 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535d0
exception.instruction: ud2
exception.module: amer.exe
exception.exception_code: 0xc000001d
exception.offset: 1390032
exception.address: 0xe435d0
registers.esp: 5504244
registers.edi: 5504244
registers.eax: 0
registers.ebp: 5504272
registers.edx: 2
registers.ebx: 14955963
registers.esi: 0
registers.ecx: 5504280
1 0 0

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: f7 f0 e8 6c 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535a5
exception.instruction: div eax
exception.module: amer.exe
exception.exception_code: 0xc0000094
exception.offset: 1389989
exception.address: 0xe435a5
registers.esp: 5504244
registers.edi: 5504244
registers.eax: 0
registers.ebp: 5504272
registers.edx: 0
registers.ebx: 14956006
registers.esi: 0
registers.ecx: 5504280
1 0 0

__exception__

stacktrace:
amer+0x1f9d86 @ 0xee9d86
amer+0x2066f3 @ 0xef66f3
amer+0x2f4296 @ 0xfe4296

exception.instruction_r: 0f 0b e8 41 40 01 00 33 c0 5a 59 59 64 89 10 eb
exception.symbol: amer+0x1535d0
exception.instruction: ud2
exception.module: amer.exe
exception.exception_code: 0xc000001d
exception.offset: 1390032
exception.address: 0xe435d0
registers.esp: 5504244
registers.edi: 5504244
registers.eax: 0
registers.ebp: 5504272
registers.edx: 2
registers.ebx: 14955963
registers.esi: 0
registers.ecx: 5504280
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00810000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00540000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00560000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00570000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 81920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026d4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026d4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026f4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02704000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02704000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 131072
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02704000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 81920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02724000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026f4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section (unnamed): virtual_address 0x00001000, virtual_size 0x00051000, size_of_data 0x00023c00, entropy 7.997888317516056; description: A section with a high entropy has been found
section (unnamed): virtual_address 0x00052000, virtual_size 0x00012000, size_of_data 0x00006a00, entropy 7.988330768029779; description: A section with a high entropy has been found
section (unnamed): virtual_address 0x00064000, virtual_size 0x00005000, size_of_data 0x00000a00, entropy 7.144119567783236; description: A section with a high entropy has been found
section (unnamed): virtual_address 0x0006a000, virtual_size 0x00005000, size_of_data 0x00003c00, entropy 7.98236983693157; description: A section with a high entropy has been found
section (unnamed): virtual_address 0x00070000, virtual_size 0x0029d000, size_of_data 0x0002fc00, entropy 7.998793242213264; description: A section with a high entropy has been found
section .data: virtual_address 0x0030d000, virtual_size 0x000f4000, size_of_data 0x000f3e00, entropy 7.975545779566482; description: A section with a high entropy has been found
overall entropy 0.998524529694; description: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.tc
McAfee GenericRXMR-KT!67FC04C498ED
Cylance unsafe
VIPRE Trojan.GenericKDZ.105010
BitDefender Trojan.GenericKDZ.105010
Cybereason malicious.15eb83
Arcabit Trojan.Generic.D19A32
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Packed.Enigma.GI
APEX Malicious
Avast Win32:PWSX-gen [Trj]
MicroWorld-eScan Trojan.GenericKDZ.105010
Emsisoft Trojan.GenericKDZ.105010 (B)
F-Secure Heuristic.HEUR/AGEN.1365153
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Dropper.Agent
Webroot W32.Malware.Gen
Google Detected
Avira HEUR/AGEN.1365153
Antiy-AVL Trojan[Packed]/Win32.EnigmaProtector
Kingsoft malware.kb.a.941
Microsoft Backdoor:Win32/Bladabindi!ml
GData Trojan.GenericKDZ.105010
Varist W32/Enigma.P.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.C5571093
BitDefenderTheta Gen:NN.ZexaF.36680.uH0@aCa9Bkji
DeepInstinct MALICIOUS
VBA32 Trojan.Wacatac
Malwarebytes Trojan.Packed.Enigma
Zoner Probably Heur.ExeHeaderL
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (D)