popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vidar2806.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 1, 2024, 9:36 a.m. July 1, 2024, 9:38 a.m.
Size 420.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f88272ea7674d3acedd8adcf7643c598
SHA256 fad264acc346be1e63cd47611cd305cb9c894a13843119e22e87744808295387
CRC32 CADCE8BA
ssdeep 12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .BsS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x3501cb
        

      
    
  
    
      
        registers.esp:
        13237640
        

      
        registers.edi:
        1973072088
        

      
        registers.eax:
        1972830208
        

      
        registers.ebp:
        632
        

      
        registers.edx:
        1973069536
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1973551114
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          2556
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x00350000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x00035000', u'virtual_address': u'0x00034000', u'entropy': 7.984268247554248, u'name': u'.data', u'virtual_size': u'0x000360f4'}
                                        
                                    
                                        
                                            entropy
                                            7.98426824755
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.50536352801
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high
                                        
                                    
                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    Bkav
                                    W32.AIDetectMalware
                                    
                                


                            

                        

                            

                                

                                    MicroWorld-eScan
                                    Gen:Variant.Ser.Zusy.5124
                                    
                                


                            

                        

                            

                                

                                    Skyhigh
                                    BehavesLike.Win32.Generic.gc
                                    
                                


                            

                        

                            

                                

                                    Cylance
                                    Unsafe
                                    
                                


                            

                        

                            

                                

                                    Sangfor
                                    Trojan.Win32.Save.a
                                    
                                


                            

                        

                            

                                

                                    K7AntiVirus
                                    Trojan ( 005b74571 )
                                    
                                


                            

                        

                            

                                

                                    BitDefender
                                    Gen:Variant.Ser.Zusy.5124
                                    
                                


                            

                        

                            

                                

                                    K7GW
                                    Trojan ( 005b74571 )
                                    
                                


                            

                        

                            

                                

                                    Arcabit
                                    Trojan.Ser.Zusy.D1404
                                    
                                


                            

                        

                            

                                

                                    Symantec
                                    ML.Attribute.HighConfidence
                                    
                                


                            

                        

                            

                                

                                    Elastic
                                    malicious (high confidence)
                                    
                                


                            

                        

                            

                                

                                    ESET-NOD32
                                    a variant of Win32/Kryptik.HXDB
                                    
                                


                            

                        

                            

                                

                                    APEX
                                    Malicious
                                    
                                


                            

                        

                            

                                

                                    Avast
                                    Win32:PWSX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    Cynet
                                    Malicious (score: 100)
                                    
                                


                            

                        

                            

                                

                                    Kaspersky
                                    HEUR:Trojan-PSW.Win32.Reline.gen
                                    
                                


                            

                        

                            

                                

                                    Rising
                                    Stealer.Convagent!8.1326D (TFE:5:niRPZnl53BP)
                                    
                                


                            

                        

                            

                                

                                    Emsisoft
                                    Gen:Variant.Ser.Zusy.5124 (B)
                                    
                                


                            

                        

                            

                                

                                    BitDefenderTheta
                                    AI:Packer.706B8A0421
                                    
                                


                            

                        

                            

                                

                                    TrendMicro
                                    Mal_Locky-1
                                    
                                


                            

                        

                            

                                

                                    McAfeeD
                                    Real Protect-LS!F88272EA7674
                                    
                                


                            

                        

                            

                                

                                    Trapmine
                                    malicious.high.ml.score
                                    
                                


                            

                        

                            

                                

                                    FireEye
                                    Generic.mg.f88272ea7674d3ac
                                    
                                


                            

                        

                            

                                

                                    Sophos
                                    Mal/Krypt-E
                                    
                                


                            

                        

                            

                                

                                    Ikarus
                                    Trojan-Spy.LummaStealer
                                    
                                


                            

                        

                            

                                

                                    Google
                                    Detected
                                    
                                


                            

                        

                            

                                

                                    MAX
                                    malware (ai score=89)
                                    
                                


                            

                        

                            

                                

                                    Microsoft
                                    Trojan:Win32/RedLine.MAZ!MTB
                                    
                                


                            

                        

                            

                                

                                    ZoneAlarm
                                    HEUR:Trojan-PSW.Win32.Reline.gen
                                    
                                


                            

                        

                            

                                

                                    GData
                                    Gen:Variant.Ser.Zusy.5124
                                    
                                


                            

                        

                            

                                

                                    Varist
                                    W32/Kryptik.MJE.gen!Eldorado
                                    
                                


                            

                        

                            

                                

                                    AhnLab-V3
                                    Trojan/Win.Locky.C5645190
                                    
                                


                            

                        

                            

                                

                                    DeepInstinct
                                    MALICIOUS
                                    
                                


                            

                        

                            

                                

                                    VBA32
                                    BScope.TrojanPSW.MSIL.Convagent
                                    
                                


                            

                        

                            

                                

                                    Malwarebytes
                                    Trojan.Crypt
                                    
                                


                            

                        

                            

                                

                                    TrendMicro-HouseCall
                                    Mal_Locky-1
                                    
                                


                            

                        

                            

                                

                                    SentinelOne
                                    Static AI - Malicious PE
                                    
                                


                            

                        

                            

                                

                                    MaxSecure
                                    Trojan.Malware.300983.susgen
                                    
                                


                            

                        

                            

                                

                                    AVG
                                    Win32:PWSX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    CrowdStrike
                                    win/malicious_confidence_100% (D)