Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 14, 2024, 7:37 a.m.	June 14, 2024, 7:41 a.m.

Size	128.1KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`13f784b718e0d45057b628f504a11235`
SHA256	`2b1b2e2b385c22f12d16b626f6ceeb713eff7f152c6225ee9bc49d8609a6c7d9`
CRC32	`71EE06A8`
ssdeep	`1536:v8OJN+kiHVKeBEOAe9zRozT9CmGMlwLl0x8w8qW0KMhXO+kKDZdpXmdAdklV/Mgs:vZJN+FDXAPR7ILl0+50u+kKVzdCf/zx+`
Yara	IsPE64 - (no description) UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature

setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe "C:\Users\test22\AppData\Local\Temp\setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
8.138.18.215	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

{u'size_of_data': u'0x00004c00', u'virtual_address': u'0x00026000', u'entropy': 7.819925809274925, u'name': u'UPX1', u'virtual_size': u'0x00005000'}

entropy

7.81992580927

description

A section with a high entropy has been found

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

host

8.138.18.215

dead_host

8.138.18.215:80

setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe