Summary | ZeroBOX

system.exe

Emotet, Gen1, Generic Malware, Malicious Library, ASPack, UPX, Malicious Packer, Admin Tool (Sysinternals etc ...), dll, PE File, OS Processor Check, PE32, ZIP Format, DLL, DllRegisterServer
Category | Machine | Started | Completed
FILE | s1_win7_x6403_us | Aug. 5, 2024, 7:45 a.m. | Aug. 5, 2024, 7:51 a.m.
Size 14.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b79c7a3ce694f09a0b4aaa70a4c9fd29
SHA256 d390da62f1e8d55a5ebbb805bce89ba3036d05950684a1ac3e57ef011d08b31a
CRC32 7207CC40
ssdeep 393216:0HcgjmZZqbPmYRQK7+TvFDbQlNvoNG31QF7+okgc:GjmXqbrRQRvFDbKB1Iqx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ASPack_Zero - ASPack packed file
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name | Response | Post-Analysis Lookup
No hosts contacted.
IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated
IsDebuggerPresent 0 0
Time & API | Arguments | Status | Return | Repeated
GlobalMemoryStatusEx 1 1 0
file C:\Users\test22\AppData\Local\Temp\_MEI3162\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Pythonwin\mfc140u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\pywin32_system32\pywintypes38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\python38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\pywin32_system32\pythoncom38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI3162\bcrypt\_bcrypt.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_chacha20.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_arc2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\PublicKey\_ec_ws.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Util\_cpuid_c.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_SHA512.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_cast.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_ofb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_SHA384.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_overlapped.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_MD4.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_BLAKE2b.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\win32\_win32sysloader.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_ssl.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_ecb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\PublicKey\_ed25519.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_poly1305.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Math\_modexp.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_socket.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_queue.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\PublicKey\_ed448.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_keccak.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_multiprocessing.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_MD5.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_cfb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_asyncio.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_ghash_portable.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\win32\win32trace.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\win32\win32api.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Protocol\_scrypt.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_blowfish.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_ctypes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_aesni.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_decimal.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\unicodedata.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_aes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Util\_strxor.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_cffi_backend.cp38-win32.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Hash\_BLAKE2s.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_cbc.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_ocb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Pythonwin\win32ui.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_hashlib.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\Crypto\Cipher\_raw_eksblowfish.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI3162\_bz2.pyd
section .rsrc (size_of_data 0x0000f600, virtual_address 0x00039000, virtual_size 0x0000f41c, entropy 7.55494386335892): A section with a high entropy has been found
entropy 0.218472468917: Overall entropy of this PE file is high