Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 12, 2024, 3:08 p.m.	April 12, 2024, 3:08 p.m.

Size	50.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c6f9d01d211a535eb819a7bb0057a77a`
SHA256	`3a7926816890498b4b28caeb0017fc5adea97a222c2c63f2e477e3dab269971a`
CRC32	`042CD9B5`
ssdeep	`1536:COlCGjrZRlV1eCE6cWzPLoZh4hb0qfWT5M4:DLrV1eCjx0Z2ewWT5r`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Armadillo v1.71

Foreign language identified in PE resource (4 events)

name

RT_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0000e578

size

0x000002e8

name

RT_RCDATA

language

LANG_CHINESE

filetype

PE32 executable (DLL) (console) Intel 80386, for MS Windows

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0000b130

size

0x00003000

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0000e860

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0000e130

size

0x00000448

wormr.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All