popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

54gtxx.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 25, 2024, 8:48 a.m. July 25, 2024, 9:01 a.m.
Size 369.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 1b1c6f48b7c91a48a0dcd736ed0c8d24
SHA256 525a892469b4c88bf26e584ecf9a57c1f76aa9dd8e14d3a6840b73f59dbc5cf8
CRC32 400D9457
ssdeep 6144:w6GI/F3uwuhDo72LiYp4yH1j10sMJ45YZaZzzL3j7/YHYsI/VBnn0:w6tpBuy+H12JuZH7fw4sm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .bsS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x2001cb
        

      
    
  
    
      
        registers.esp:
        16907964
        

      
        registers.edi:
        1969008856
        

      
        registers.eax:
        1968766976
        

      
        registers.ebp:
        637
        

      
        registers.edx:
        1969006304
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1970143252
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          1984
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x00200000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x00030800', u'virtual_address': u'0x0002b000', u'entropy': 7.976759547734797, u'name': u'.data', u'virtual_size': u'0x00031804'}
                                        
                                    
                                        
                                            entropy
                                            7.97675954773
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.526458616011
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high
                                        
                                    
                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    Bkav
                                    W32.AIDetectMalware
                                    
                                


                            

                        

                            

                                

                                    Elastic
                                    malicious (high confidence)
                                    
                                


                            

                        

                            

                                

                                    Cynet
                                    Malicious (score: 100)
                                    
                                


                            

                        

                            

                                

                                    Skyhigh
                                    BehavesLike.Win32.Generic.fc
                                    
                                


                            

                        

                            

                                

                                    Cylance
                                    Unsafe
                                    
                                


                            

                        

                            

                                

                                    Sangfor
                                    Worm.Win32.Save.a
                                    
                                


                            

                        

                            

                                

                                    Symantec
                                    ML.Attribute.HighConfidence
                                    
                                


                            

                        

                            

                                

                                    ESET-NOD32
                                    a variant of Win32/Kryptik.HXIV
                                    
                                


                            

                        

                            

                                

                                    APEX
                                    Malicious
                                    
                                


                            

                        

                            

                                

                                    Avast
                                    Win32:Evo-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    ClamAV
                                    Win.Keylogger.Lazy-10031941-0
                                    
                                


                            

                        

                            

                                

                                    Kaspersky
                                    HEUR:Trojan.Win32.Stelpak.gen
                                    
                                


                            

                        

                            

                                

                                    Rising
                                    Trojan.Stealerc!8.1840A (TFE:1:rCSQJn51qSS)
                                    
                                


                            

                        

                            

                                

                                    McAfeeD
                                    ti!525A892469B4
                                    
                                


                            

                        

                            

                                

                                    Trapmine
                                    malicious.high.ml.score
                                    
                                


                            

                        

                            

                                

                                    FireEye
                                    Generic.mg.1b1c6f48b7c91a48
                                    
                                


                            

                        

                            

                                

                                    Sophos
                                    ML/PE-A
                                    
                                


                            

                        

                            

                                

                                    Ikarus
                                    Trojan-Spy.LummaStealer
                                    
                                


                            

                        

                            

                                

                                    Google
                                    Detected
                                    
                                


                            

                        

                            

                                

                                    Antiy-AVL
                                    Trojan[PSW]/MSIL.Convagent
                                    
                                


                            

                        

                            

                                

                                    Kingsoft
                                    malware.kb.a.914
                                    
                                


                            

                        

                            

                                

                                    Microsoft
                                    Trojan:Win32/Stealerc.GAB!MSR
                                    
                                


                            

                        

                            

                                

                                    ZoneAlarm
                                    HEUR:Trojan.Win32.Stelpak.gen
                                    
                                


                            

                        

                            

                                

                                    GData
                                    Win32.Trojan.Kryptik.BZQ20A
                                    
                                


                            

                        

                            

                                

                                    BitDefenderTheta
                                    Gen:NN.ZexaF.36810.xuW@aKL@Lc
                                    
                                


                            

                        

                            

                                

                                    VBA32
                                    BScope.TrojanPSW.Vidar
                                    
                                


                            

                        

                            

                                

                                    SentinelOne
                                    Static AI - Malicious PE
                                    
                                


                            

                        

                            

                                

                                    MaxSecure
                                    Trojan.Malware.300983.susgen
                                    
                                


                            

                        

                            

                                

                                    Fortinet
                                    W32/Kryptik.HXIV!tr
                                    
                                


                            

                        

                            

                                

                                    AVG
                                    Win32:Evo-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    CrowdStrike
                                    win/malicious_confidence_100% (W)