Summary | ZeroBOX

YesTraderRun.exe

Generic Malware Anti_VM PE32 PE File
Category FILE
Machine s1_win7_x6401
Started July 27, 2024, 8:30 p.m.
Completed July 27, 2024, 8:30 p.m.
Size 3.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0c95469e9ee3bc62c0678d7ae0bed71c
SHA256 48a6c314ac7ce2ae781a998c3435cb5504827ff65101857cc6f9ede52292dd0f
CRC32 A6116F6E
ssdeep 49152:o9NAuIyhKdCyAQwBffAHTCzCfA6my8dHF9dSV/ALHHoIRLAiq/G3dTAQLEczqYI:Cq8yjqffvzQt8H9ctAoIhLNU
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • themida_packer - themida packer
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section
section .themida
section .boot
name RT_ICON; language LANG_KOREAN; filetype dBase IV DBT of \200.DBF, blocks size 0, block length 12288, next free block index 40, next free block 390960407, next used block 2484555157; sublanguage SUBLANG_KOREAN; offset 0x00218e10; size 0x00003228
name RT_GROUP_ICON; language LANG_KOREAN; filetype data; sublanguage SUBLANG_KOREAN; offset 0x0021c048; size 0x0000003e
Cylance Unsafe
VBA32 BScope.TrojanBanker.ClipBanker
section (name ' '; virtual_address 0x00001000; virtual_size 0x000f4bac; size_of_data 0x00052000) entropy 7.9872072659632 description A section with a high entropy has been found
section (name ' '; virtual_address 0x000f6000; virtual_size 0x0004123c; size_of_data 0x0000d000) entropy 7.9524571579042105 description A section with a high entropy has been found
section (name ' '; virtual_address 0x00138000; virtual_size 0x000b7e44; size_of_data 0x00000c00) entropy 7.516213096940729 description A section with a high entropy has been found
section (name ' '; virtual_address 0x001f0000; virtual_size 0x0001b6f6; size_of_data 0x00001800) entropy 7.80908327713209 description A section with a high entropy has been found
section (name ' '; virtual_address 0x0020c000; virtual_size 0x00007a09; size_of_data 0x00003000) entropy 7.9342239053268715 description A section with a high entropy has been found
section (name .rsrc; virtual_address 0x00216000; virtual_size 0x00006400; size_of_data 0x00006400) entropy 7.205401166854755 description A section with a high entropy has been found
section (name .boot; virtual_address 0x006ff000; virtual_size 0x002f1400; size_of_data 0x002f1400) entropy 7.957822825157951 description A section with a high entropy has been found
overall entropy 0.998693190068 description Overall entropy of this PE file is high