Summary | ZeroBOX

storyhosts.exe

Tags: Generic Malware, UPX, PE32, PE File

Category FILE
Machine s1_win7_x6403_us
Started June 21, 2024, 3:47 p.m.
Completed June 21, 2024, 3:49 p.m.
Size 708.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 3c48dddcbad4b1bd6285722968150c80
SHA256 3c2211246c15cb72cf93da21212663ae414ce8127639785b930b52077c02478a
CRC32 43BB27FE
ssdeep 12288:j6tyWjX4LovCsYi5xYZheILnhXFTpqNTCwLpFmEGxZgtJJwtMXDJZyMndIcMQl:GUWjEmPLnIt4T5tFmEGxZg1ZNecL
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent (no arguments) 0 0

section UPX1 (virtual_address 0x0007f000, virtual_size 0x000aa000, size_of_data 0x000aa000, entropy 7.871480226921034) description A section with a high entropy has been found
entropy 0.961810466761 description Overall entropy of this PE file is high

Time & API Arguments Status Return Repeated
LookupPrivilegeValueW system_name: (empty), privilege_name: SeDebugPrivilege 1 1 0

section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
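The two static packer indicators above (a section with entropy near 8 bits, and the UPX0/UPX1 section names) can be checked outside the sandbox. The following is an added example, not ZeroBOX's own signature code: it computes Shannon entropy per section and over the whole image and emits findings worded like the report's description column. The thresholds (7.0 bits per section, 0.9 for the whole file), the set of UPX section names, and the sample sections are assumptions constructed for illustration; treating the report's overall figure (0.9618) as entropy in bits divided by 8 is likewise an assumption about the report's scale.

```python
import math
import random
from collections import Counter

# Thresholds and section names are assumptions for this example, not ZeroBOX's.
HIGH_SECTION_ENTROPY_BITS = 7.0      # per-section Shannon entropy, max 8.0
HIGH_OVERALL_RATIO = 0.9             # whole-image entropy on a 0..1 scale (bits / 8)
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess(sections):
    """Apply the two packer heuristics to a list of (name, raw_bytes) sections.

    Returns (findings, overall_ratio). Findings reuse the wording of the
    report's 'description' column so they can be compared side by side.
    """
    findings = []
    for name, data in sections:
        # PE section names are 8 bytes, NUL-padded; strip the padding first.
        clean = name.rstrip("\x00")
        if clean in UPX_SECTION_NAMES:
            findings.append(f"section {clean} description Section name indicates UPX")
        bits = shannon_entropy(data)
        if bits > HIGH_SECTION_ENTROPY_BITS:
            findings.append(
                f"section {clean} entropy {bits:.4f} description "
                "A section with a high entropy has been found"
            )
    # Whole-image entropy over the concatenated raw section data, scaled to 0..1
    # (assumed to match the report's overall-entropy scale).
    overall = shannon_entropy(b"".join(d for _, d in sections)) / 8.0
    if overall > HIGH_OVERALL_RATIO:
        findings.append(
            f"entropy {overall:.4f} description Overall entropy of this PE file is high"
        )
    return findings, overall


def _pseudo_random_bytes(n: int, seed: int) -> bytes:
    """Deterministic stand-in for compressed data (near-uniform byte values)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed sample layout mimicking a UPX-packed image: UPX0 carries no raw
# data, UPX1 holds the compressed payload, .rsrc is a small plain-text resource.
SAMPLE_SECTIONS = [
    ("UPX0\x00\x00\x00\x00", b""),
    ("UPX1\x00\x00\x00\x00", _pseudo_random_bytes(8192, seed=20240621)),
    (".rsrc\x00\x00\x00", b"VS_VERSION_INFO FileDescription Sample resource " * 4),
]

if __name__ == "__main__":
    findings, overall = assess(SAMPLE_SECTIONS)
    for line in findings:
        print(line)
    print(f"overall entropy ratio: {overall:.4f}")
```

To run it against a real file, build the section list from pefile with `[(s.Name.decode(errors="ignore"), s.get_data()) for s in pe.sections]`; the dynamic indicators in the report (IsDebuggerPresent, the SeDebugPrivilege lookup) are runtime behaviour and are not covered by this static check.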
Vendor Detection
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (moderate confidence)
MicroWorld-eScan Trojan.GenericKD.73077780
Skyhigh BehavesLike.Win32.TrojanAitInject.bc
ALYac Trojan.GenericKD.73077780
Cylance Unsafe
VIPRE Trojan.GenericKD.73077780
BitDefender Trojan.GenericKD.73077780
Cybereason malicious.cbad4b
tehtris Generic.Malware
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Emsisoft Trojan.GenericKD.73077780 (B)
McAfeeD Real Protect-LS!3C48DDDCBAD4
Trapmine malicious.high.ml.score
FireEye Generic.mg.3c48dddcbad4b1bd
Sophos Generic ML PUA (PUA)
Ikarus PUA.Autoit
Jiangmin Trojan.Selfdel.rvj
Google Detected
Antiy-AVL Trojan[Dropper]/Win32.Dorifel
Kingsoft malware.kb.b.779
Gridinsoft Ransom.Win32.Bladabindi.sa
Arcabit Trojan.Generic.D45B1414
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.73077780
DeepInstinct MALICIOUS
VBA32 Backdoor.Bladabindi
Malwarebytes Malware.AI.2852723073
TrendMicro-HouseCall TROJ_GEN.R002H09FE24
Yandex Trojan.GenAsa!NHzzuRkQa3Y
MAX malware (ai score=89)
Fortinet Riskware/Application
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (W)