Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 23, 2024, 2:53 p.m.	July 23, 2024, 2:55 p.m.

Size	1.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6a2cdd8709524999190f4b43a83108c9`
SHA256	`bd0f954149173d3f5766eee5bd78d5f27ea1ea69667da7b3970b0e6154afc85f`
CRC32	`AD615528`
ssdeep	`24576:ToaZhvL2xgUgoJU72/LV5P3bhIqCl1xlaxqBmdq5:Z6xgUgoJUcaqCDxv`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware mzp_file_format - MZP(Delphi) file format

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MAD

Foreign language identified in PE resource (15 events)

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015911c

size

0x00000468

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0018a8a0

size

0x000000bc

name

RT_MANIFEST

language

LANG_CHINESE

filetype

XML 1.0 document, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0018ac68

size

0x00000352

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)

DrWeb

Program.Unwanted.5065

Setup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All