Summary | ZeroBOX

cliente.exe

Tags: UPX, MZP Format, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: July 26, 2024, 6:43 p.m.
Completed: July 26, 2024, 6:45 p.m.
Size 20.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3ef97e69a4c36ab5dc588a8aca155241
SHA256 db4b528c78666bcc8feeb6622207dbf856db259db055b8e92257d63da5118a87
CRC32 7B1F960C
ssdeep 393216:uUvWFI8ElR4WQXthDeUS+3jGSO3++xYRnr7qyS13Q2xTH:u2gI8Elw7r7SL+b97qyS1HxT
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .itext
section .didata
section ."Bx
section . f5
section .debug
section . "f
section .k*4
section .-r}
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
dbkFCallWrapperAddr+0x2034a87 cliente+0x24460b7 @ 0x28460b7
0x18ff94

exception.instruction_r: 90 53 bb 14 57 30 4f 9c 32 db 66 81 f3 0c 55 66
exception.symbol: dbkFCallWrapperAddr+0x208edbb cliente+0x24a03eb
exception.instruction: nop
exception.module: cliente.exe
exception.exception_code: 0x80000004
exception.offset: 38405099
exception.address: 0x28a03eb
registers.esp: 1636212
registers.edi: 0
registers.eax: 3217449211
registers.ebp: 1638240
registers.edx: 79
registers.ebx: 4194304
registers.esi: 4294967295
registers.ecx: 902
Status: 1   Return: 0   Repeated: 0
section {u'size_of_data': u'0x01413600', u'virtual_address': u'0x02405000', u'entropy': 7.984383379300942, u'name': u'.-r}', u'virtual_size': u'0x014134d0'} entropy 7.9843833793 description A section with a high entropy has been found
entropy 0.996630629757 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Cylance Unsafe
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
Kaspersky UDS:Trojan.Win32.Agent.xbrzjr
McAfeeD Real Protect-LS!3EF97E69A4C3
Trapmine malicious.high.ml.score
FireEye Generic.mg.3ef97e69a4c36ab5
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
Gridinsoft Trojan.Heur!.02252021
ZoneAlarm UDS:Trojan.Win32.Agent.xbrzjr
DeepInstinct MALICIOUS
VBA32 Malware-Cryptor.Inject.gen
MaxSecure Trojan.Malware.300983.susgen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)