Summary | ZeroBOX

word.exe

Tags: UPX, OS Processor Check, PE64, PE File
Category: FILE
Machine: s1_win7_x6401
Started: July 11, 2024, 1:20 p.m.
Completed: July 11, 2024, 1:37 p.m.
Size: 139.0KB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: c228866013dfbaa6b00afc77f1409d8c
SHA256: 632f29ffde11458d77e6988a9bb38dece7e5818d752abd9c09823319e4869d08
CRC32: 27F8E06A
ssdeep: 3072:co+FL/RCBJjTvbMcct40NgHX8oiuTF+ifqXmL0JmCwQusodEnpgbLxVE:uFL/R0JPbMUUgHXdF+37wQusoKpgblVE
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
156.238.234.187  Active  Moloch
164.124.101.2    Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .retplne
section .voltbl
Time & API / Arguments / Status / Return / Repeated

__exception__

stacktrace:
SetupScanFileQueueA+0x30 SetupSetNonInteractiveMode-0x1db4 setupapi+0x87b9c @ 0x7fefecf7b9c
SetupScanFileQueueA+0x1d6 SetupSetNonInteractiveMode-0x1c0e setupapi+0x87d42 @ 0x7fefecf7d42

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol: SetupScanFileQueueA+0x30 SetupSetNonInteractiveMode-0x1db4 setupapi+0x87b9c
exception.address: 0x7fefecf7b9c
registers.r14: 8791778098498
registers.r15: 0
registers.rcx: 110
registers.rsi: 4294967295
registers.r10: 0
registers.rbx: 8791778098498
registers.rsp: 35781072
registers.r11: 514
registers.r8: 8791734886664
registers.r9: 0
registers.rdx: 1994794592
registers.r12: 13369356
registers.rbp: 8791778098498
registers.rdi: 8791778098498
registers.rax: 0
registers.r13: 8791778098498
Status 1  Return 0  Repeated 0
Bkav W64.AIDetectMalware
Elastic malicious (high confidence)
Skyhigh BehavesLike.Win64.Trojan.cc
Kaspersky HEUR:Trojan.Win32.Generic
ZoneAlarm HEUR:Trojan.Win32.Generic
DeepInstinct MALICIOUS
section .data: size_of_data 0x00000400, virtual_address 0x00004000, virtual_size 0x000009e0, entropy 7.464676158190985; description: A section with a high entropy has been found
section .rsrc: size_of_data 0x0001fa00, virtual_address 0x00009000, virtual_size 0x0001f96a, entropy 7.984975890900626; description: A section with a high entropy has been found
entropy 0.923913043478 description Overall entropy of this PE file is high
host 156.238.234.187
dead_host 192.168.56.101:49171
dead_host 192.168.56.101:49170
dead_host 192.168.56.101:49167
dead_host 192.168.56.101:49169
dead_host 192.168.56.101:49166
dead_host 156.238.234.187:3306
dead_host 192.168.56.101:49165
dead_host 192.168.56.101:49164
dead_host 192.168.56.101:49173
dead_host 192.168.56.101:49172
dead_host 192.168.56.101:49163