Summary | ZeroBOX

klounada.exe

VMProtect Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6401
Started April 10, 2024, 1:44 p.m.
Completed April 10, 2024, 1:44 p.m.
Size 5.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 616756248d85c819fd0830d660a7aaa0
SHA256 1e2f5b51b09d3f0060700403f138e33cf4c085dde4fbb469c420e9fd840f04d3
CRC32 652A33A3
ssdeep 98304:g2GmrHOupd2UnxrkWKnuIGQi0iEFZTbKEH/Zh9lkdKnZ7QOjXIEgTH:a1UxrxWuYFFhDYKnOObIEgT
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 entropy 7.961213059411785 size_of_data 0x00578200 virtual_address 0x00374000 virtual_size 0x005781d0 description A section with a high entropy has been found
entropy 0.999732238486 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.tc
ALYac Gen:Variant.Zusy.544420
Cylance unsafe
VIPRE Gen:Variant.Zusy.544420
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Zusy.544420
Arcabit Trojan.Zusy.D84EA4
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.VMProtect.ACR
APEX Malicious
McAfee Artemis!616756248D85
Avast FileRepMalware [Misc]
ClamAV Win.Packed.Vmprotect-10026625-0
Kaspersky HEUR:Trojan.Win32.Generic
MicroWorld-eScan Gen:Variant.Zusy.544420
Rising Trojan.Generic@AI.100 (RDML:7qbB2Vqnem4M07cCPLbN9Q)
Emsisoft Gen:Variant.Zusy.544420 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
Trapmine malicious.high.ml.score
FireEye Generic.mg.616756248d85c819
Sophos Mal/Generic-S
Google Detected
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=81)
Kingsoft Win32.Trojan.Generic.a
Microsoft Trojan:Win32/Znyonm
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Zusy.544420
AhnLab-V3 Trojan/Win.Generic.R644235
BitDefenderTheta Gen:NN.ZexaF.36802.@BW@aqKHcs
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Tencent Win32.Trojan.Generic.Zmhl
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware [Misc]