Summary | ZeroBOX

我的世界_孤岛惊魂3.exe (filename shown URL-encoded in the original listing)

UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 4, 2024, 1:19 p.m.
Completed Aug. 4, 2024, 1:23 p.m.
Size 5.7MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 dc481056e65328f44e332a878d9e2064
SHA256 efc9e08763b007f9c9d3e6b36cd612539a54e058a6dcd488edcff4e214ca40be
CRC32 45849190
ssdeep 98304:8M+1abNYfH8kcAjW1tmmSCRaaj0iVwOC+H+BIiw37sPZ4n6VVSDtGWJkifj+7dOB:qaC3jWTaaB5C0DdrEZpQDtb7+7Q
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures
section UPX1 (virtual_address 0x00a7b000, virtual_size 0x005ab000, size_of_data 0x005aa200, entropy 7.8919928633257435) description A section with a high entropy has been found
entropy 0.999913807964 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
API calls (Time & API / Arguments / Status / Return / Repeated)

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
  Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: the export does not exist in ntdll, so the call failed; such a lookup is commonly used to detect a Wine environment)
  Repeated: 0
Bkav W64.AIDetectMalware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.CoinMiner.tc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of WinGo/Kryptik.FF
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win64/ShellcodeRunner.0fcf943c
Rising Trojan.Agent!1.FF00 (CLOUD)
McAfeeD ti!EFC9E08763B0
Sophos Mal/Generic-S
Ikarus Trojan.WinGo.Injector
Google Detected
Antiy-AVL GrayWare/Win32.Kryptik.ffp
Kingsoft Win32.Hack.Undef.a
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win64.Trojan.Agent.11K231
Varist W64/Agent.FXW.gen!Eldorado
McAfee Artemis!DC481056E653
DeepInstinct MALICIOUS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R014H01H324
MaxSecure Trojan.Malware.300983.susgen
AVG Win64:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_60% (W)
alibabacloud Trojan:Multi/ShellcodeRunner.GXZ#3DGW