popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

tesgs.exe

NSIS UPX Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 April 12, 2024, 8:40 a.m. April 12, 2024, 8:40 a.m.
Size 521.6KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 068c05b9f062da142d266a374866d3bb
SHA256 cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a
CRC32 468A8370
ssdeep 12288:xfL5njsVlNucSkkMxi+FAbPr+rr6K+u03mlw0lsp5ie:xfL5njMnOMxw26KY3t0lOAe
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • NSIS_Installer - Null Soft Installer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .ndata
section {u'size_of_data': u'0x00015200', u'virtual_address': u'0x00045000', u'entropy': 7.132776027569193, u'name': u'.rsrc', u'virtual_size': u'0x00015200'} entropy 7.13277602757 description A section with a high entropy has been found
entropy 0.716101694915 description Overall entropy of this PE file is high