popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ORES.txt.exe

RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 July 4, 2024, 9:49 a.m. July 4, 2024, 9:49 a.m.
Size 292.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 aec77fe6b8457d2c380dd5c4bfb025a2
SHA256 16f25811c06ecc4ded953d7230170fb03d6534f39171530c1fec2d86699ab392
CRC32 474ED9F0
ssdeep 6144:eDKW1Lgbdl0TBBvjc/EHjnM79iYtUOcA/zPLAskYf5IfehPVL5d:4h1Lk70TnvjccHk9tjcA/zPLArYueh9L
PDB Path
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • UltraVNC_Zero - UltraVNC
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path
section {u'size_of_data': u'0x00027400', u'virtual_address': u'0x00026000', u'entropy': 7.996830101232374, u'name': u'.rsrc', u'virtual_size': u'0x00027270'} entropy 7.99683010123 description A section with a high entropy has been found
entropy 0.537671232877 description Overall entropy of this PE file is high