popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Final Draft.exe

Emotet Generic Malware Malicious Library UPX PE File OS Processor Check PE32 .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 19, 2024, 7:16 p.m. July 19, 2024, 7:17 p.m.
Size 48.0MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 00537f781b10d766813b9d5987edde1a
SHA256 7dfe0544bea5dc69c1e697af9362ee4f45ba5b273ffded771a671d8752e4bc22
CRC32 7F6844CB
ssdeep 196608:U4IMm5ygEvAsrXAktWpHD7GVh2wv9c++Pqoi+SWSMD/RNxi6FLOyomFHKnP:hIJREvp1O0l1gPJSWDDbzF
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .shr
section .gfids
section .giats
section .X|"
section .mZ}
section .9i+
resource name AFX_DIALOG_LAYOUT
resource name AVI
resource name PNG
resource name STYLE_XML
resource name None
Rising Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:lEgwDlz5SK87EBd9+BXVzg)
F-Secure Trojan.TR/Crypt.XPACK.Gen
Trapmine malicious.moderate.ml.score
Ikarus PUA.MSIL.Vmprotect
Webroot W32.Malware.Gen
Avira TR/Crypt.XPACK.Gen
Gridinsoft Trojan.Heur!.02291021
section {u'size_of_data': u'0x00802e00', u'virtual_address': u'0x01413000', u'entropy': 7.882878317070821, u'name': u'.9i+', u'virtual_size': u'0x00802d3c'} entropy 7.88287831707 description A section with a high entropy has been found