Summary | ZeroBOX

setup.exe

Tags: Malicious Library, ASPack, UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started June 24, 2024, 7:35 a.m.
Completed June 24, 2024, 7:38 a.m.
Size 36.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 0e12bdd2a8200d4c1f368750e2c87bfe
SHA256 af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403
CRC32 CF9F21E9
ssdeep 393216:sYJEy4Te0rrigZ9BCbZPBKAgKBXSTzdOskYXXDeycerzHP+THt+/nDSpQg:sYJcrlZ9BGfg8XIJOkXXPCTV
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ASPack_Zero - ASPack packed file
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
125.253.92.50 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .buildid
section .rdata (size_of_data 0x016f2400, virtual_address 0x00afd000, virtual_size 0x016f22fc) entropy 7.910258286199278 description A section with a high entropy has been found
entropy 0.627901072913 description Overall entropy of this PE file is high
host 125.253.92.50
Bkav W64.AIDetectMalware
Elastic malicious (high confidence)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GYHY
Avast Win64:DropperX-gen [Drp]
Kaspersky UDS:DangerousObject.Multi.Generic
F-Secure Trojan.TR/Crypt.Agent.nkirr
McAfeeD ti!AF77C0B6A10A
Ikarus Trojan.Win64.Agent
Google Detected
Microsoft Trojan:Win32/Sabsik.TE.B!ml
MaxSecure Win.MxResIcn.Heur.Gen
AVG Win64:DropperX-gen [Drp]