popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

current.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 April 4, 2024, 7:21 a.m. April 4, 2024, 7:23 a.m.
Size 358.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e280b7c502386f1c7317ed841e65512d
SHA256 b8115f0a7a1986da27f84c8c556ba5799ea17a708490f849187b1f14dda289e4
CRC32 1B06444E
ssdeep 6144:UMPcbrC3CV6Gup9MNY6zU/Yo2IdMB//k7YIITj:hcbrC3CV6Gm9yYwYRm//k81j
PDB Path C:\hisipelusez\nag95\toveb\fotenexarep potecicobaf8.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\hisipelusez\nag95\toveb\fotenexarep potecicobaf8.pdb
resource name RICAXAXOFIPORIDAJALEWINE
resource name VASOFEMESAKA
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 172032
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009f1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2544
region_size: 286720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00880000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0002f000', u'virtual_address': u'0x0001d000', u'entropy': 7.537883102983499, u'name': u'.data', u'virtual_size': u'0x0044a308'} entropy 7.53788310298 description A section with a high entropy has been found
entropy 0.525874125874 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Lockbit.fc
Cylance unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Ransomware ( 0053d5971 )
K7GW Ransomware ( 0053d5971 )
Symantec Packed.Generic.525
tehtris Generic.Malware
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky VHO:Backdoor.Win32.Convagent.gen
Rising Trojan.Generic@AI.100 (RDML:uaUHqxVrP1KoF2RlD4VySg)
Trapmine malicious.high.ml.score
FireEye Generic.mg.e280b7c502386f1c
Sophos ML/PE-A
Ikarus Trojan.Win32.Danabot
Google Detected
Kingsoft malware.kb.a.1000
Gridinsoft Ransom.Win32.STOP.tr!n
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm VHO:Backdoor.Win32.Convagent.gen
BitDefenderTheta Gen:NN.ZexaF.36802.wq0@aCleKmfG
DeepInstinct MALICIOUS
VBA32 Malware-Cryptor.Azorult.gen
Tencent Trojan.Win32.Obfuscated.gen
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HWMW!tr
CrowdStrike win/malicious_confidence_100% (D)