popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

swizzzz.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 June 5, 2024, 7:27 a.m. June 5, 2024, 7:29 a.m.
Size 352.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a74811b7e2d71612463144c69c0ca7e2
SHA256 3d07b09f83f2fc5dcb7f2429cac9a37160181da77df5a429e37b98dd685f239f
CRC32 9154411C
ssdeep 6144:IsCv/QNuZNjDPp9XC2Fgd6dwiJLR8ATGb5gBJYgEltzK5d5Sw+tuhdZUui/EO:I/+uZNjDPNGeR85+YgEf25CtuhLi/EO
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .BSs
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x2101cb
        

      
    
  
    
      
        registers.esp:
        11009004
        

      
        registers.edi:
        1973072088
        

      
        registers.eax:
        1972830208
        

      
        registers.ebp:
        629
        

      
        registers.edx:
        1973069536
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1973157892
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          2544
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x00210000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x00026c00', u'virtual_address': u'0x00030000', u'entropy': 7.969993170329307, u'name': u'.data', u'virtual_size': u'0x000279f4'}
                                        
                                    
                                        
                                            entropy
                                            7.96999317033
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.453216374269
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high