Summary | ZeroBOX

AdBlock-1.7.5-install.exe

Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started June 21, 2024, 4:40 p.m.
Completed June 21, 2024, 4:42 p.m.
Size 2.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 85a156ed1856c0eda8d7d6b60ef9ab31
SHA256 f4e2ecf1687aeb33747d1647221b97049762108dc1445d2677a4f5976ae4362b
CRC32 4EAC4E95
ssdeep 49152:Mt7sX+x2XAGZkuT/Ymi9AGVxC+N7h55KBO8t64jF5gfqnO:6EyJcjjQfqn
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1 | Return: 1 | Repeated: 0
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
adblock-1+0x233537 @ 0x13f963537
adblock-1+0x236a3a @ 0x13f966a3a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: cc 48 8b 84 24 30 47 01 00 48 8b 8c 24 d8 84 01
exception.symbol: adblock-1+0x233537
exception.instruction: int3
exception.module: AdBlock-1.7.5-install.exe
exception.exception_code: 0x80000003
exception.offset: 2307383
exception.address: 0x13f963537
registers.r14: 0
registers.r15: 0
registers.rcx: 1993873610
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1703872
registers.r11: 582
registers.r8: 1495336
registers.r9: 0
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: -1073741819
registers.r13: 0
Status: 1 | Return: 0 | Repeated: 0
section .rdata: size_of_data 0x0003b400, virtual_address 0x00245000, virtual_size 0x0003b2b4, entropy 7.729264384186929; description: A section with a high entropy has been found
section .data: size_of_data 0x00032e00, virtual_address 0x00281000, virtual_size 0x00038ca8, entropy 7.973292244899298; description: A section with a high entropy has been found
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Gatak.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Gatak
ALYac Trojan.GenericKD.72876461
Cylance Unsafe
VIPRE Trojan.GenericKD.72876461
Sangfor Trojan.Win64.Gatak.Vcjh
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.GenericKD.72876461
K7GW Riskware ( 00584baa1 )
Cybereason malicious.d1856c
Arcabit Trojan.Generic.D45801AD
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GYOY
APEX Malicious
Avast Win64:TrojanX-gen [Trj]
Kaspersky Trojan.Win32.Gatak.fkp
Alibaba Trojan:Win32/Gatak.dc930dc3
MicroWorld-eScan Trojan.GenericKD.72876461
Rising Trojan.Gatak!8.517 (C64:YzY0Og1zgZH+0uIA)
Emsisoft Trojan.GenericKD.72876461 (B)
F-Secure Trojan.TR/Gatak.qoscg
Zillya Trojan.Gatak.Win32.369
TrendMicro TROJ_GEN.R002C0XET24
McAfeeD ti!F4E2ECF1687A
FireEye Generic.mg.85a156ed1856c0ed
Sophos Mal/Generic-S
Ikarus Trojan.Gatak
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Gatak.qoscg
MAX malware (ai score=84)
Antiy-AVL Trojan/Win32.Gatak
Kingsoft Win32.Trojan.Gatak.fkp
Microsoft Trojan:Win64/CobaltStrike.PK!MTB
ZoneAlarm Trojan.Win32.Gatak.fkp
GData Trojan.GenericKD.72876461
Varist W64/ABRisk.OGGJ-0017
DeepInstinct MALICIOUS
VBA32 Trojan.Gatak
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XET24
Yandex Trojan.Gatak!OiVkHKNpHHs
MaxSecure Win.MxResIcn.Heur.Gen
Fortinet W32/PossibleThreat
AVG Win64:TrojanX-gen [Trj]
Paloalto generic.ml