Summary | ZeroBOX

main.exe

Gen1 Malicious Library UPX Anti_VM PE64 PE File OS Processor Check ZIP Format DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: Feb. 5, 2024, 4:37 p.m.
Completed: Feb. 5, 2024, 4:39 p.m.
Size 7.7MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 847a21513809ca25f688d6a34b3d3599
SHA256 7e35e936aaf628cc8d82296dc3677551e6ef2117ea8cc1adb36702da8e8a2b46
CRC32 AC976FF2
ssdeep 98304:e88jkCIf8708vsa2x6OMD/x/0feyGgatgQ940BDlgwdnpka9R/k9t+28Gt+xB70+:e8QF08JPDfyGgjwBdnpkYRMOzeC
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

  • GlobalMemoryStatusEx - Arguments: (none) - Status: 1 - Return: 1 - Repeated: 0
section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI20562\pywin32_system32\pywintypes310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20562\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20562\python310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20562\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20562\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20562\VCRUNTIME140_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI20562\VCRUNTIME140.dll
section .rsrc (virtual_address 0x00046000, virtual_size 0x0000ef8c, size_of_data 0x0000f000) entropy 7.35014072324 description A section with a high entropy has been found
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Backdoor.wc
Cylance unsafe
Sangfor Trojan.Win32.Save.a
Symantec Trojan.Gen.MBT
McAfee Artemis!847A21513809
Kaspersky UDS:DangerousObject.Multi.Generic
Jiangmin TrojanDownloader.Pyfatget.d
Gridinsoft Ransom.Win64.Wacatac.ca
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:DangerousObject.Multi.Generic
Panda Trj/Chgt.AD
SentinelOne Static AI - Suspicious PE