Summary | ZeroBOX

UpdaterP.exe

UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started July 4, 2024, 5:28 p.m.
Completed July 4, 2024, 5:29 p.m.
Size 47.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 40094e123c89625468665c8c196c2ffd
SHA256 ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742
CRC32 8D70A3AF
ssdeep 768:IZD8ZuVzhUiEklhxFSAEjvhMeZuS0AE86IyjPTeThyq3:IZDsozzbSueyAXmDTAwq3
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response
No hosts contacted.
IP Address Status
89.197.154.116 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00440000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
section UPX1 (size_of_data 0x0000ae00, virtual_address 0x0000d000, virtual_size 0x0000b000, entropy 7.897775637089398) description A section with a high entropy has been found
entropy 0.945652173913 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
host 89.197.154.116
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Swrort.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Swrort.A
Skyhigh BehavesLike.Win32.Generic.pc
ALYac Generic.ShellCode.Marte.3.30323BD4
Cylance Unsafe
VIPRE Generic.ShellCode.Marte.3.30323BD4
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 001172b51 )
BitDefender Generic.ShellCode.Marte.3.30323BD4
K7GW Trojan ( 001172b51 )
Cybereason malicious.23c896
Arcabit Generic.ShellCode.Marte.3.30323BD4
Symantec Trojan Horse
ESET-NOD32 a variant of Win32/Rozena.ZL
APEX Malicious
McAfee GenericRXAA-AA!40094E123C89
Avast Win32:Evo-gen [Trj]
ClamAV Win.Trojan.Swrort-5710536-0
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win32/CobaltStrike.5c89
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan Generic.ShellCode.Marte.3.30323BD4
Rising HackTool.Swrort!1.6477 (CLOUD)
Emsisoft Generic.ShellCode.Marte.3.30323BD4 (B)
F-Secure Trojan.TR/Crypt.ZPACK.Gen
Zillya Trojan.RozenaGen.Win32.2
TrendMicro Backdoor.Win32.SWRORT.SMAL01
McAfeeD Real Protect-LS!40094E123C89
Trapmine malicious.high.ml.score
FireEye Generic.mg.40094e123c896254
Sophos Mal/Generic-S
Ikarus Trojan.Agent
Webroot W32.Trojan.Swrort.Gen
Google Detected
Avira TR/Crypt.ZPACK.Gen
Antiy-AVL Trojan/Win32.Rozena
Kingsoft malware.kb.b.949
Gridinsoft Trojan.Win32.Agent.sa
Xcitium TrojWare.Win32.Rozena.A@4jwdqr
Microsoft Trojan:Win32/Meterpreter!pz
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Win32.Trojan.PSE.1TDK453
Varist W32/Swrort.B.gen!Eldorado
AhnLab-V3 Backdoor/Win32.Bifrose.R12476
BitDefenderTheta Gen:NN.ZexaF.36808.cmKfaao3uqpi
DeepInstinct MALICIOUS
VBA32 Trojan.Swrort