popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

rise2806.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 1, 2024, 9:36 a.m. July 1, 2024, 9:42 a.m.
Size 1.8MB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 97768ab0a4837757b74de2ae892badab
SHA256 0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77
CRC32 654D0EF5
ssdeep 49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .BsS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x5e01cb
        

      
    
  
    
      
        registers.esp:
        35126356
        

      
        registers.edi:
        1969008856
        

      
        registers.eax:
        1968766976
        

      
        registers.ebp:
        637
        

      
        registers.edx:
        1969006304
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1970143252
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          536
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x005e0000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x00193a00', u'virtual_address': u'0x00030000', u'entropy': 7.999418911904545, u'name': u'.data', u'virtual_size': u'0x00194934'}
                                        
                                    
                                        
                                            entropy
                                            7.9994189119
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.891988950276
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high
                                        
                                    
                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    Bkav
                                    W32.AIDetectMalware
                                    
                                


                            

                        

                            

                                

                                    Elastic
                                    malicious (high confidence)
                                    
                                


                            

                        

                            

                                

                                    Cynet
                                    Malicious (score: 100)
                                    
                                


                            

                        

                            

                                

                                    Skyhigh
                                    BehavesLike.Win32.Generic.tc
                                    
                                


                            

                        

                            

                                

                                    Cylance
                                    Unsafe
                                    
                                


                            

                        

                            

                                

                                    Sangfor
                                    Trojan.Win32.Save.a
                                    
                                


                            

                        

                            

                                

                                    BitDefender
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    Arcabit
                                    Trojan.Lazy.D88C15
                                    
                                


                            

                        

                            

                                

                                    Symantec
                                    ML.Attribute.HighConfidence
                                    
                                


                            

                        

                            

                                

                                    ESET-NOD32
                                    a variant of Win32/Kryptik.HXDB
                                    
                                


                            

                        

                            

                                

                                    APEX
                                    Malicious
                                    
                                


                            

                        

                            

                                

                                    Avast
                                    Win32:PWSX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    ClamAV
                                    Win.Keylogger.Lazy-10031941-0
                                    
                                


                            

                        

                            

                                

                                    Kaspersky
                                    HEUR:Trojan-PSW.Win32.Stealerc.gen
                                    
                                


                            

                        

                            

                                

                                    MicroWorld-eScan
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    Rising
                                    Stealer.Reline!8.132F4 (TFE:5:glZK8UokgrV)
                                    
                                


                            

                        

                            

                                

                                    Emsisoft
                                    Gen:Variant.Lazy.560149 (B)
                                    
                                


                            

                        

                            

                                

                                    McAfeeD
                                    ti!0F88EA51A56D
                                    
                                


                            

                        

                            

                                

                                    Trapmine
                                    malicious.high.ml.score
                                    
                                


                            

                        

                            

                                

                                    FireEye
                                    Generic.mg.97768ab0a4837757
                                    
                                


                            

                        

                            

                                

                                    Sophos
                                    ML/PE-A
                                    
                                


                            

                        

                            

                                

                                    Google
                                    Detected
                                    
                                


                            

                        

                            

                                

                                    MAX
                                    malware (ai score=81)
                                    
                                


                            

                        

                            

                                

                                    Microsoft
                                    Trojan:Win32/Sabsik.FL.B!ml
                                    
                                


                            

                        

                            

                                

                                    ZoneAlarm
                                    HEUR:Trojan-PSW.Win32.Stealerc.gen
                                    
                                


                            

                        

                            

                                

                                    GData
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    DeepInstinct
                                    MALICIOUS
                                    
                                


                            

                        

                            

                                

                                    VBA32
                                    BScope.TrojanPSW.MSIL.Convagent
                                    
                                


                            

                        

                            

                                

                                    Panda
                                    Trj/Genetic.gen
                                    
                                


                            

                        

                            

                                

                                    SentinelOne
                                    Static AI - Malicious PE
                                    
                                


                            

                        

                            

                                

                                    AVG
                                    Win32:PWSX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    CrowdStrike
                                    win/malicious_confidence_90% (D)