Summary | ZeroBOX

installer2.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started June 15, 2024, 8:21 a.m.
Completed June 15, 2024, 8:25 a.m.
Size 16.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5aece647826a6f39a8bb8b17cd4186d6
SHA256 aa212361c56bc3c307df12dd1ef574bb21c03f28a3cacc94a5a683d217b27ebc
CRC32 FA674A8D
ssdeep 393216:A/53AXVAd5y2XjI4j10HlDR4K55RUGOtdMPFSeUP:GqUy+j1a9yPkFvU
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
147.45.47.126 Active Moloch
163.172.154.142 Active Moloch
172.67.198.131 Active Moloch
185.172.128.19 Active Moloch

Suricata Alerts

Flow TCP 147.45.47.126:58709 -> 192.168.56.101:49179
SID 2400022
Signature ET DROP Spamhaus DROP Listed Traffic Inbound group 23
Category Misc Attack

Suricata TLS

No Suricata TLS

section .00cfg
section .M2@
section .v;2
section .'xa
section .'xa (virtual_address 0x00c5f000, virtual_size 0x0103bf68, size_of_data 0x0103c000) entropy 7.91272716274 description A section with a high entropy has been found
entropy 0.999819570578 description Overall entropy of this PE file is high
host 147.45.47.126
host 163.172.154.142
host 172.67.198.131
host 185.172.128.19
dead_host 192.168.56.101:49233