popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

201.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 15, 2024, 4:37 p.m. July 15, 2024, 4:48 p.m.
Size 389.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 01bf430eb3aae589ef6d4cdfcaa280b3
SHA256 629858754aeb2aa30bfa440445edc9d928b03443f136a9fc7ec9373a1011320d
CRC32 C886642B
ssdeep 6144:blILDyciFkeLnCUcx/IcoN6O2MW60/1oJiTqEfgv+cyTI9n0Q2di8QEO:bMiFHnC59d/15fMuTIn0ni8QEO
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77919e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7581d141
201+0x6bc3 @ 0x176bc3
201+0xa3c2 @ 0x17a3c2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77919e58
registers.esp: 3210348
registers.edi: 3735552
registers.eax: 4294967288
registers.ebp: 3210392
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 3735552
1 0 0

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x5401cb
        

      
    
  
    
      
        registers.esp:
        35257960
        

      
        registers.edi:
        1969008856
        

      
        registers.eax:
        1968766976
        

      
        registers.ebp:
        637
        

      
        registers.edx:
        1969006304
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1970143252
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          2040
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x00540000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x0002a400', u'virtual_address': u'0x00034000', u'entropy': 7.96769574725443, u'name': u'.data', u'virtual_size': u'0x0002b35c'}
                                        
                                    
                                        
                                            entropy
                                            7.96769574725
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.445910290237
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high
                                        
                                    
                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    Bkav
                                    W32.AIDetectMalware
                                    
                                


                            

                        

                            

                                

                                    Elastic
                                    malicious (high confidence)
                                    
                                


                            

                        

                            

                                

                                    Cynet
                                    Malicious (score: 100)
                                    
                                


                            

                        

                            

                                

                                    Cylance
                                    Unsafe
                                    
                                


                            

                        

                            

                                

                                    Sangfor
                                    Trojan.Win32.Save.a
                                    
                                


                            

                        

                            

                                

                                    Symantec
                                    ML.Attribute.HighConfidence
                                    
                                


                            

                        

                            

                                

                                    ESET-NOD32
                                    a variant of Win32/Kryptik.HXIV
                                    
                                


                            

                        

                            

                                

                                    APEX
                                    Malicious
                                    
                                


                            

                        

                            

                                

                                    Avast
                                    Win32:CrypterX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    ClamAV
                                    Win.Keylogger.Lazy-10031941-0
                                    
                                


                            

                        

                            

                                

                                    Kaspersky
                                    HEUR:Trojan-PSW.Win32.Reline.gen
                                    
                                


                            

                        

                            

                                

                                    Rising
                                    Stealer.Reline!8.132F4 (TFE:5:jdqsHII0Q6B)
                                    
                                


                            

                        

                            

                                

                                    McAfeeD
                                    ti!629858754AEB
                                    
                                


                            

                        

                            

                                

                                    Trapmine
                                    malicious.high.ml.score
                                    
                                


                            

                        

                            

                                

                                    FireEye
                                    Generic.mg.01bf430eb3aae589
                                    
                                


                            

                        

                            

                                

                                    Ikarus
                                    Trojan-Spy.LummaStealer
                                    
                                


                            

                        

                            

                                

                                    Google
                                    Detected
                                    
                                


                            

                        

                            

                                

                                    Microsoft
                                    Trojan:Win32/Sabsik.RD.A!ml
                                    
                                


                            

                        

                            

                                

                                    ZoneAlarm
                                    HEUR:Trojan-PSW.Win32.Reline.gen
                                    
                                


                            

                        

                            

                                

                                    Varist
                                    W32/Kryptik.MJE.gen!Eldorado
                                    
                                


                            

                        

                            

                                

                                    BitDefenderTheta
                                    Gen:NN.ZexaF.36808.yqY@am4B4j
                                    
                                


                            

                        

                            

                                

                                    Panda
                                    Trj/Genetic.gen
                                    
                                


                            

                        

                            

                                

                                    SentinelOne
                                    Static AI - Malicious PE
                                    
                                


                            

                        

                            

                                

                                    MaxSecure
                                    Trojan.Malware.300983.susgen
                                    
                                


                            

                        

                            

                                

                                    AVG
                                    Win32:CrypterX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    CrowdStrike
                                    win/malicious_confidence_100% (D)