Summary | ZeroBOX

SP_activator_11.exe

Winnti Family, Malicious Library, UPX, VMProtect, PE64, PE File, OS Processor Check, MZP Format
Category FILE
Machine s1_win7_x6401
Started April 10, 2024, 9:19 p.m.
Completed April 10, 2024, 9:19 p.m.
Size 28.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 37bc139d30272f8ca5516adccb5e2300
SHA256 da4a0673bf79583fcf55539e7a4ef94e16215c7c8b32a50c30ebc8d412048489
CRC32 67F671BC
ssdeep 786432:d3k0ifwwDu3glyrF3R6FLexvARIKi6ZgyBe4XMcL4:d3k07igrqFexFKrZgCFXt4
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • Winnti_Family - Winnti_Family
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .didata
section .vmp0
section .vmp1
section .vmp2
Bkav W64.AIDetectMalware
MaxSecure Trojan.Malware.300983.susgen
section .vmp2 (size_of_data 0x01cdd200, virtual_address 0x02764000, virtual_size 0x01cdd0a0, entropy 7.993858488832539) description A section with a high entropy has been found
entropy 0.999594162707 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
section .vmp2 description Section name indicates VMProtect