Summary | ZeroBOX

tool.exe

UPX PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started July 8, 2024, 9:40 a.m.
Completed July 8, 2024, 9:43 a.m.
Size 5.7MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 34c704347497551c5593eeabebb7b6ce
SHA256 e26d08daf79b80174a0f87cc85a1555ef493e71a83cd27d7511910e88045dafb
CRC32 F0C4E02B
ssdeep 98304:kcRHAx+bwVIYz0mgOUqfeThiE3Ev+0MpUfNw50pNNOj1oUUL43BTFqy+qZnia/EJ:kSs+bwVIYz0mVf2iE3rsfDijul0hbHn6
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
162.0.236.122 Active Moloch
101.35.228.105 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: 2024/07/08 09:40:02 Forking
console_handle: 0x000000000000000b
1 1 0
section UPX1 (size_of_data 0x005aa200, virtual_address 0x00a7b000, virtual_size 0x005ab000, entropy 7.891946307456231) entropy 7.89194630746 description A section with a high entropy has been found
entropy 0.999913807964 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
cmdline whoami
host 162.0.236.122
host 101.35.228.105
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x000007fefe467a50
function_name: wine_get_version
module: ntdll
module_address: 0x00000000776c0000
-1073741511 0
dead_host 162.0.236.122:80
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Supershell.m!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.tc
Cylance Unsafe
VIPRE Trojan.GenericKD.73385532
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005b6c9a1 )
BitDefender Trojan.GenericKD.73385532
K7GW Trojan ( 005b6c9a1 )
Cybereason malicious.474975
Arcabit Trojan.Generic.D45FC63C
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Kryptik.FF
APEX Malicious
McAfee Artemis!34C704347497
Avast Win64:Evo-gen [Trj]
Kaspersky Backdoor.Win64.Supershell.ca
Alibaba Trojan:Win64/Kryptik.0998e8f6
MicroWorld-eScan Trojan.GenericKD.73385532
Rising Trojan.Kryptik!8.8 (CLOUD)
Emsisoft Trojan.GenericKD.73385532 (B)
F-Secure Trojan.TR/Redcap.wjlfg
McAfeeD ti!E26D08DAF79B
FireEye Trojan.GenericKD.73385532
Sophos Mal/Generic-S
Ikarus Trojan.WinGo.Injector
Google Detected
Avira TR/Redcap.wjlfg
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm Backdoor.Win64.Supershell.ca
GData Win64.Trojan.Agent.YEO0LJ
Varist W64/Agent.FXW.gen!Eldorado
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3737294752
MAX malware (ai score=87)
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.FF!tr
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Multi/Kryptik.F#