Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 5, 2024, 11:36 p.m.	April 5, 2024, 11:36 p.m.

Size	2.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`31d3cd435981b2c203407a9c01683830`
SHA256	`831174c199baaf9fc39ef90d1e7866f05cd6f92b51eb83d7bc07c2b338081568`
CRC32	`9A0EF5AE`
ssdeep	`49152:kfivBThkVFOu1J8kGFeUIoBULFC38WlL51gzTFN7moLKb1PDITnVtOwvPhSlqqF2:kqvRGhMIaoLKbqqQ`
PDB Path	D:\Devops\agent\workspace\p-ea1fe144b4bd40e28ec935861fd2d9b2\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb
Yara	PhysicalDrive_20181001 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\Devops\agent\workspace\p-ea1fe144b4bd40e28ec935861fd2d9b2\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.gfids
section	.QMGuid

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	CUSTOM
resource name	ZIPRES

Foreign language identified in PE resource (18 events)

name

CUSTOM

language

LANG_CHINESE

filetype

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0027e590

size

0x00013890

name

CUSTOM

language

LANG_CHINESE

filetype

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0027e590

size

0x00013890

name

ZIPRES

language

LANG_CHINESE

filetype

Zip archive data, at least v2.0 to extract

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x002540e0

size

0x00020044

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0024dd28

size

0x00005fd2

name

RT_MENU

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00253d50

size

0x00000050

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00291e20

size

0x00000054

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00253d00

size

0x0000004c

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00253d00

size

0x0000004c

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00253da0

size

0x0000033c

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00053200', u'virtual_address': u'0x0023f000', u'entropy': 7.500771940269165, u'name': u'.rsrc', u'virtual_size': u'0x00053108'}

entropy

7.50077194027

description

A section with a high entropy has been found

OGLP_installer_1000222569_market.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All