popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

eeee.exe

UPX Malicious Library OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us April 3, 2024, 7:13 a.m. April 3, 2024, 7:18 a.m.
Size 421.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1fc71d8e8cb831924bdc7f36a9df1741
SHA256 609ef2b560381e8385a71a4a961afc94a1e1d19352414a591cd05217e9314625
CRC32 E45AB23A
ssdeep 12288:dNs70wrxwDBwTGvwDYwC9woS/Cw4AvcqOh2Q0fPbU3FM1jJS:D20wrxwDBwTGvwDYwYwoS/Cw4/qVQWbr
PDB Path c:\omtnkdoj\bnwv\yogisfk\cqf.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
62.210.113.223 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path c:\omtnkdoj\bnwv\yogisfk\cqf.pdb
description eeee.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds
Time & API Arguments Status Return Repeated

DeviceIoControl

 input_buffer:
control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
device_handle: 0x000000d4
output_buffer: 
1 1 0

DeviceIoControl

 input_buffer:
control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
device_handle: 0x000000d4
output_buffer: 
1 1 0

DeviceIoControl

 input_buffer:
control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
device_handle: 0x000000d4
output_buffer: 
1 1 0

DeviceIoControl

 input_buffer:
control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
device_handle: 0x000000d4
output_buffer: 
1 1 0
section {u'size_of_data': u'0x00059400', u'virtual_address': u'0x00013000', u'entropy': 7.935551717965844, u'name': u'.data', u'virtual_size': u'0x0005a400'} entropy 7.93555171797 description A section with a high entropy has been found
entropy 0.85 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0
host 62.210.113.223
Time & API Arguments Status Return Repeated

NtShutdownSystem

 action: 1 (ShutdownReboot)
0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Pitou.4!c
Elastic Windows.Generic.Threat
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.PitouRI.S28786866
Skyhigh BehavesLike.Win32.Generic.gc
ALYac Gen:Variant.Lazy.214906
Cylance unsafe
VIPRE Gen:Variant.Lazy.214906
Sangfor Trojan.Win32.Pitou.Vq00
BitDefender Gen:Variant.Lazy.214906
K7GW Trojan ( 0051ac701 )
Arcabit Trojan.Lazy.D3477A
VirIT Trojan.Win32.Genus.VMC
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Pitou.K
APEX Malicious
McAfee GenericRXHQ-SA!1FC71D8E8CB8
Avast Win32:Pitou-A [Rtk]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/Pitou.a2ec31a2
NANO-Antivirus Trojan.Win32.Pitou.jpbcqi
SUPERAntiSpyware Trojan.Agent/Gen-Crypt
MicroWorld-eScan Gen:Variant.Lazy.214906
Rising Backdoor.Pitou!1.D9BF (CLASSIC)
Emsisoft Gen:Variant.Lazy.214906 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Pitou.17
TrendMicro Trojan.Win32.SMOKELOADER.YXEDBZ
Trapmine malicious.high.ml.score
FireEye Generic.mg.1fc71d8e8cb83192
Sophos Mal/Generic-S
Ikarus Trojan.Win32.SmokeLoader
Jiangmin Trojan.Generic.hehmg
Google Detected
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=83)
Antiy-AVL Trojan/Win32.Pitou
Kingsoft malware.kb.a.999
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium TrojWare.Win32.TrojanDownloader.Onkods.Q@52urg7
Microsoft Trojan:Win32/Pitou.AC!MTB
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Lazy.214906
Varist W32/Pitou.B.gen!Eldorado
AhnLab-V3 Trojan/Win32.Tepfer.R96475
BitDefenderTheta AI:Packer.F563B3D71F
TACHYON Trojan-Dropper/W32.Quphix.431104
DeepInstinct MALICIOUS
VBA32 Malware-Cryptor.General.3