Summary | ZeroBOX

arpwriteIni.exe

UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: June 21, 2024, 3:47 p.m.
Completed: June 21, 2024, 3:55 p.m.
Size: 441.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 8ffe154b25091cb5a8547eb4f56d112c
SHA256: 21db0fda1eca852d06185e4bc4939c8979771045b9a2939ac1d45cb60d05a7d3
CRC32: DE25DADE
ssdeep: 12288:oFLN7pJxDibQF4ulRCX11Ab1i0n9aMzgK+nZL3eWq/U:MN7p/DjF7CHIkozgze8
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated
IsDebuggerPresent (no arguments): 0 0

cmdline C:\Windows\system32\cmd.exe /c ipconfig

Time & API / Arguments / Status / Return / Repeated
GetAdaptersAddresses (flags: 198, family: 0): 111 0
section UPX1 (size_of_data 0x0005ca00, virtual_address 0x0009a000, virtual_size 0x0005d000, entropy 7.937082394866587) description A section with a high entropy has been found
section .rsrc (size_of_data 0x00011800, virtual_address 0x000f7000, virtual_size 0x00012000, entropy 7.263556107382141) description A section with a high entropy has been found
entropy 1.0 description Overall entropy of this PE file is high
process cmd.exe
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
cmdline ipconfig
cmdline C:\Windows\system32\cmd.exe /c ipconfig
  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (moderate confidence)
  • Cynet: Malicious (score: 100)
  • Skyhigh: BehavesLike.Win32.TrojanAitInject.gc
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • tehtris: Generic.Malware
  • APEX: Malicious
  • McAfee: RDN/Generic.dx
  • Avast: Win32:Malware-gen
  • Alibaba: Trojan:Win32/Injector.12e2760b
  • McAfeeD: ti!21DB0FDA1ECA
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.8ffe154b25091cb5
  • Sophos: Generic ML PUA (PUA)
  • Ikarus: Trojan.Win32.Obfuscated
  • Jiangmin: Trojan.Agent.epis
  • Google: Detected
  • Antiy-AVL: Trojan/Win32.SGeneric
  • Varist: W32/AutoIt.XQ.gen!Eldorado
  • BitDefenderTheta: Gen:NN.ZexaF.36806.BmGfaqZVyEmi
  • DeepInstinct: MALICIOUS
  • Malwarebytes: Malware.AI.4249198465
  • TrendMicro-HouseCall: TROJ_GEN.R002H06ET24
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: PossibleThreat.PALLAS.H
  • AVG: Win32:Malware-gen
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_70% (W)