popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

217.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 15, 2024, 9:27 a.m. July 15, 2024, 9:30 a.m.
Size 338.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 42e2d273ee6215957f2b979737a74b45
SHA256 1a5035edf2e2c8b92a5129e97c13e2114070d87c684a842491ebcdb3797b592f
CRC32 62A38733
ssdeep 6144:qwTS7/BpP+AegMMtRvu3LqBOkQWrpbRPSxkplz7ZfnvH2di8MEO:qPpP6gMEhNbRPwkplRSi8MEO
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77919e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7581d141
217+0x6bc3 @ 0x13b6bc3
217+0xa3c2 @ 0x13ba3c2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77919e58
registers.esp: 3734820
registers.edi: 4259840
registers.eax: 4294967288
registers.ebp: 3734864
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 4259840
1 0 0

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x3c01cb
        

      
    
  
    
      
        registers.esp:
        14351520
        

      
        registers.edi:
        1969008856
        

      
        registers.eax:
        1968766976
        

      
        registers.ebp:
        637
        

      
        registers.edx:
        1969006304
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1970143252
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          288
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x003c0000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x0001d600', u'virtual_address': u'0x00034000', u'entropy': 7.943656290451496, u'name': u'.data', u'virtual_size': u'0x0001e55c'}
                                        
                                    
                                        
                                            entropy
                                            7.94365629045
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.358778625954
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high
                                        
                                    
                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    Bkav
                                    W32.AIDetectMalware
                                    
                                


                            

                        

                            

                                

                                    Elastic
                                    malicious (high confidence)
                                    
                                


                            

                        

                            

                                

                                    Cynet
                                    Malicious (score: 100)
                                    
                                


                            

                        

                            

                                

                                    Cylance
                                    Unsafe
                                    
                                


                            

                        

                            

                                

                                    Sangfor
                                    Trojan.Win32.Save.a
                                    
                                


                            

                        

                            

                                

                                    Symantec
                                    ML.Attribute.HighConfidence
                                    
                                


                            

                        

                            

                                

                                    ESET-NOD32
                                    a variant of Win32/Kryptik.HXIV
                                    
                                


                            

                        

                            

                                

                                    APEX
                                    Malicious
                                    
                                


                            

                        

                            

                                

                                    Avast
                                    Win32:CrypterX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    ClamAV
                                    Win.Keylogger.Lazy-10031941-0
                                    
                                


                            

                        

                            

                                

                                    Kaspersky
                                    HEUR:Trojan-PSW.Win32.Reline.gen
                                    
                                


                            

                        

                            

                                

                                    Rising
                                    Stealer.Reline!8.132F4 (RDMK:cmRtazoF4a+nh0FFmBY)
                                    
                                


                            

                        

                            

                                

                                    McAfeeD
                                    ti!1A5035EDF2E2
                                    
                                


                            

                        

                            

                                

                                    Trapmine
                                    malicious.high.ml.score
                                    
                                


                            

                        

                            

                                

                                    FireEye
                                    Generic.mg.42e2d273ee621595
                                    
                                


                            

                        

                            

                                

                                    Ikarus
                                    Trojan-Spy.LummaStealer
                                    
                                


                            

                        

                            

                                

                                    Google
                                    Detected
                                    
                                


                            

                        

                            

                                

                                    Microsoft
                                    Trojan:Win32/Wacatac.B!ml
                                    
                                


                            

                        

                            

                                

                                    ZoneAlarm
                                    HEUR:Trojan-PSW.Win32.Reline.gen
                                    
                                


                            

                        

                            

                                

                                    Varist
                                    W32/Kryptik.MJE.gen!Eldorado
                                    
                                


                            

                        

                            

                                

                                    BitDefenderTheta
                                    Gen:NN.ZexaF.36808.vqY@aS299fb
                                    
                                


                            

                        

                            

                                

                                    VBA32
                                    BScope.TrojanPSW.Vidar
                                    
                                


                            

                        

                            

                                

                                    SentinelOne
                                    Static AI - Malicious PE
                                    
                                


                            

                        

                            

                                

                                    MaxSecure
                                    Trojan.Malware.300983.susgen
                                    
                                


                            

                        

                            

                                

                                    AVG
                                    Win32:CrypterX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    CrowdStrike
                                    win/malicious_confidence_100% (D)