Summary | ZeroBOX

qNVQKFyM.exe

UPX, OS Processor Check, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started June 29, 2024, 3:15 p.m.
Completed June 29, 2024, 3:18 p.m.
Size 3.6MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 78a7612603af19fb92d614af1e769f2a
SHA256 73399ca48340bd7a31da27d573966f23371fe4ea82625ee3b7ce2772386b9e04
CRC32 CFD365F2
ssdeep 49152:LdbIKJzytEyM67fYoiJTwC/rMIqLwRjwVofSOtGhpGjyxqRlEBPPmgtPXVMNmIqK:RfgEy7755yrkwVwVWSqjePZ9Xg5cI
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .00cfg
section .retplne
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
qnvqkfym+0x50597 @ 0x13f870597
qnvqkfym+0x63752 @ 0x13f883752
qnvqkfym+0x6497c @ 0x13f88497c
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 88 04 11 b8 08 a4 1e 2f e9 cc 08 fe ff 8b 05 66
exception.symbol: qnvqkfym+0x50597
exception.instruction: mov byte ptr [rcx + rdx], al
exception.module: qNVQKFyM.exe
exception.exception_code: 0xc0000005
exception.offset: 329111
exception.address: 0x13f870597
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 1371405320132390021
registers.rbx: 0
registers.rsp: 2422784
registers.r11: 4635884039745856479
registers.r8: -9137671701141961317
registers.r9: -6330537838371723943
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 233
registers.r13: 0
Status 1, Return 0, Repeated 0
section .data: size_of_data 0x00325000, virtual_address 0x00067000, virtual_size 0x00325544, entropy 7.999935359703073. Description: A section with a high entropy has been found
section .rsrc: size_of_data 0x00008c00, virtual_address 0x00391000, virtual_size 0x00008a04, entropy 7.960424986114587. Description: A section with a high entropy has been found
entropy 0.889101338432. Description: Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Shellcode.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh Artemis!Trojan
Cylance Unsafe
Sangfor Trojan.Win64.Shellcode.Vjgn
McAfee Artemis!78A7612603AF
Kaspersky Trojan.Win64.Shellcode.xa
Alibaba Trojan:Win64/Shellcode.d2fdf442
Rising Trojan.Shellcode!8.2FDD (CLOUD)
F-Secure Trojan.TR/AD.Nekark.pmoet
McAfeeD ti!73399CA48340
Sophos Mal/Generic-S
Ikarus Backdoor.MSIL.Rozena
Webroot W32.Trojan.Gen
Google Detected
Avira TR/AD.Nekark.pmoet
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan.Win64.Shellcode.xa
GData MSIL.Backdoor.Quasar.24VKWK
Varist W64/ABRisk.URQM-1937
DeepInstinct MALICIOUS
Malwarebytes Backdoor.Quasar
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)