Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 1, 2024, 7:32 a.m.	April 1, 2024, 7:36 a.m.

Size	458.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eedbb21196d92b9ef5857d13ff848d6e`
SHA256	`abd4ca6f61fd0e58b778e812ee05a48155adb14178eb716c70bcd2a129cd5c56`
CRC32	`5AA8975D`
ssdeep	`6144:8F6TAKHbrwOfmjN6pkFU3jb7bxbgd5RCOTtop5sfSxzFTfcXMZaX:66TAKBOB6pkgBgdHRpoph/SMUX`
PDB Path	C:\pirenoxaguhupo\44-doluxonix_89\bidihab buza.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\pirenoxaguhupo\44-doluxonix_89\bidihab buza.pdb

resource name	AFX_DIALOG_LAYOUT
resource name	RUJEKAHELAXEC

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 1, 2024, 7:32 a.m.	process_identifier: 516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 233472 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02e2e000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory April 1, 2024, 7:32 a.m.	process_identifier: 516 region_size: 450560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02d70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00047800', u'virtual_address': u'0x00019000', u'entropy': 7.043589364471127, u'name': u'.data', u'virtual_size': u'0x02942f04'}

entropy

7.04358936447

description

A section with a high entropy has been found

entropy

0.625136612022

description

Overall entropy of this PE file is high

ISetup10.exe