popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

judit1.exe

Gen1 Generic Malware Malicious Library Antivirus UPX Malicious Packer Anti_VM ftp PE File PE64 OS Processor Check wget DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 25, 2024, 8:48 a.m. July 25, 2024, 8:55 a.m.
Size 10.7MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 c8cf26425a6ce325035e6da8dfb16c4e
SHA256 9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4
CRC32 147491E5
ssdeep 196608:SnvxO+j9q6y7PuZANMCgvUF+j6yrO5H+KB4kj6vgC51U7BlUdinrDRQF6f1:WvxPBly7Pumdgv9RrOF+LkGvgMGBa4n7
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1236
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004910000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\python3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\python310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\stub.exe
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\vcruntime140.dll
section {u'size_of_data': u'0x00a9e200', u'virtual_address': u'0x00038000', u'entropy': 7.999120584634577, u'name': u'.rsrc', u'virtual_size': u'0x00a9e040'} entropy 7.99912058463 description A section with a high entropy has been found
entropy 0.988184503522 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_2064_133663637273437500\stub.exe
Bkav W64.AIDetectMalware
Lionic Trojan.Win64.Agent.tsAU
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.vc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Python/Packed.Nuitka_AGen.AB suspicious
McAfee Artemis!C8CF26425A6C
Avast Win64:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Packed:Win64/Nuitka_AGen.63c4392e
F-Secure Trojan.TR/Agent.ibzty
Zillya Trojan.Alien.Win64.392
TrendMicro Trojan.Win64.AMADEY.YXEGXZ
McAfeeD ti!9F7BE9BF913D
Sophos Mal/Generic-S
Ikarus Trojan.Python.Psw
Jiangmin Trojan.PSW.Stealer.dnf
Google Detected
Avira TR/Agent.ibzty
Antiy-AVL Trojan/Win64.Agent
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Malware.Win64.Gen.tr
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm HEUR:Trojan.Win64.Agent.gen
GData Win32.Malware.Antis.74XCHJ
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.549159453
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEGXZ
Tencent Win64.Trojan.Agent.Unkl
SentinelOne Static AI - Malicious PE
Fortinet Riskware/Application
AVG Win64:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (D)