popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

2023.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 26, 2024, 10:38 a.m. July 26, 2024, 10:41 a.m.
Size 582.0KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 a2348de3f84a433171df2f2d09b036aa
SHA256 1ca9658cf5042ab654af76e976e17a166aabed44b1f1b63ee1c7cb307e86bb4f
CRC32 D8B6609A
ssdeep 6144:zU39qW9qNfptSsjsA9VAHKU64ur8+/Q5AiTeq+8JpY:zK0W9SfrSsjsA7gv64gAmKJ
PDB Path C:\Users\King Kool Savas\source\repos\Exploit\x64\Debug\Exploit.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
pdb_path C:\Users\King Kool Savas\source\repos\Exploit\x64\Debug\Exploit.pdb
section .textbss
section .msvcjmc
section .00cfg
section _RDATA
packer Microsoft Visual C++ V8.0 (Debug)
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
2023+0x39577 @ 0x13f899577
2023+0x3b120 @ 0x13f89b120
2023+0x3bb68 @ 0x13f89bb68
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 8b 00 48 89 45 28 eb 08 48 c7 45 28 00 00 00
exception.symbol: 2023+0x39577
exception.instruction: mov rax, qword ptr [rax]
exception.module: 2023.exe
exception.exception_code: 0xc0000005
exception.offset: 234871
exception.address: 0x13f899577
registers.r14: 0
registers.r15: 0
registers.rcx: 4641920847096222077
registers.rsi: 0
registers.r10: 5360713728
registers.rbx: 0
registers.rsp: 1243664
registers.r11: 514
registers.r8: 2
registers.r9: 5360968696
registers.rdx: 1999623824
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 4641920847096222077
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1952
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000004f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh Artemis!Trojan
Cylance Unsafe
Sangfor Exploit.Win64.CVE.Vfq1
K7AntiVirus Trojan ( 005a6d8e1 )
K7GW Trojan ( 005a6d8e1 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win64/Exploit.Agent.BZ
APEX Malicious
McAfee Artemis!A2348DE3F84A
Avast Win64:Trojan-gen
Alibaba Exploit:Win64/CVE-2023-29336.5db15185
Rising Exploit.CVE-2023-29336!8.186AD (TFE:5:pYyFPw2ioPP)
F-Secure Trojan.TR/Agent_AGen.tyetv
Zillya Trojan.AgentAGen.Win64.1605
TrendMicro TROJ_GEN.R002C0DFG24
McAfeeD ti!1CA9658CF504
FireEye Generic.mg.a2348de3f84a4331
Sophos Mal/PEExp-A
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Agent_AGen.tyetv
Antiy-AVL GrayWare/Win32.Wacapew
Microsoft Exploit:Win64/CVE-2023-29336.A!MTB
GData Win32.Malware.Exploit.Z7X18F@gen
Varist W64/ABRisk.XEXZ-4602
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2020009883
Ikarus Exploit.Agent
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0DFG24
Tencent Win32.Trojan.Agent.Xmhl
Fortinet W64/Agent_AGen.NJ!tr
AVG Win64:Trojan-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Exploit:Win/Agent.BO