Summary | ZeroBOX

UpdaterR.exe

PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: July 4, 2024, 4:54 p.m.
Completed: July 4, 2024, 4:57 p.m.
Size 47.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 be101f8181d00ee2196fbc988d85d7d3
SHA256 a1b36b37454873c6afe0f5822e343a029b9724ee07ec6ae4243d5a688e9a84c7
CRC32 AE060F0F
ssdeep 768:IFL4OV4w9yKeW8AopyKYZ3qFYsXR/nbBgQroqWIHplBa2pcbJdWbvE0O0vfq3:IO0rbaL8rstNcqWocNdAK0Hq3
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
89.197.154.116 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
API Calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory (status: 1, return: 0, repeated: 0)
  process_identifier: 1372
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003e0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
Signatures
section UPX1 (virtual_address 0x0000d000, virtual_size 0x0000b000, size_of_data 0x0000ae00, entropy 7.904246301881906) description A section with a high entropy has been found
entropy 0.945652173913 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
host 89.197.154.116
Antivirus (Vendor / Detection)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Swrort.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
ALYac Generic.ShellCode.Marte.3.E7C6BFE3
Cylance Unsafe
VIPRE Generic.ShellCode.Marte.3.E7C6BFE3
Sangfor Suspicious.Win32.Save.a
BitDefender Generic.ShellCode.Marte.3.E7C6BFE3
Cybereason malicious.181d00
Symantec Trojan Horse
ESET-NOD32 a variant of Win32/Rozena.ZL
APEX Malicious
Avast Win32:Evo-gen [Trj]
ClamAV Win.Trojan.Swrort-5710536-0
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win32/CobaltStrike.5c89
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan Generic.ShellCode.Marte.3.E7C6BFE3
Rising HackTool.Swrort!1.6477 (CLOUD)
Emsisoft Generic.ShellCode.Marte.3.E7C6BFE3 (B)
F-Secure Trojan.TR/Crypt.ZPACK.Gen
Zillya Trojan.RozenaGen.Win32.2
TrendMicro Backdoor.Win32.SWRORT.SMAL01
McAfeeD Real Protect-LS!BE101F8181D0
Trapmine malicious.high.ml.score
FireEye Generic.mg.be101f8181d00ee2
Sophos Mal/Generic-S
Ikarus Trojan.Agent
Webroot W32.Trojan.Swrort.Gen
Google Detected
Avira TR/Crypt.ZPACK.Gen
Antiy-AVL Trojan/Win32.Rozena
Kingsoft malware.kb.b.951
Gridinsoft Trojan.Win32.Agent.sa
Xcitium TrojWare.Win32.Rozena.A@4jwdqr
Arcabit Generic.ShellCode.Marte.3.E7C6BFE3
ZoneAlarm HEUR:Trojan.Win32.Generic
Varist W32/Swrort.B.gen!Eldorado
AhnLab-V3 Backdoor/Win32.Bifrose.R12476
BitDefenderTheta Gen:NN.ZexaF.36808.cmKfay8BMrki
DeepInstinct MALICIOUS
VBA32 Trojan.Swrort
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
TrendMicro-HouseCall Backdoor.Win32.SWRORT.SMAL01
Tencent Trojan.Win32.CobaltStrike.16001078
Yandex Trojan.GenAsa!O0/tdGI4TGA
MAX malware (ai score=84)
MaxSecure Trojan.Malware.300983.susgen