popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

2.exe

UPX PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 5, 2024, 7:45 a.m. Aug. 5, 2024, 7:54 a.m.
Size 576.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ae787a8df10831e433bd33b6674e612e
SHA256 49dc64191a08c389e43a7b765975fe2119b0b5228172fbf5e76d5cabd9afc80e
CRC32 509FEF84
ssdeep 12288:8JrRgDmuKtJkJ5HHywk3Ta77Hp0fWAUmB2mdlACvYFLWqoMy:8vluKtKcUCvYFLWqoMy
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
23.224.196.180 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
0x5c0032
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c
0xcc000c

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5c0032
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 6029784
registers.rsp: 3731784
registers.r11: 514
registers.r8: 8791744913672
registers.r9: 0
registers.rdx: 2004821600
registers.r12: 16
registers.rbp: 6029324
registers.rdi: 0
registers.rax: 0
registers.r13: 3866448
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 804
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000005c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
host 23.224.196.180
dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49170
dead_host 192.168.56.103:49163
dead_host 192.168.56.103:49162
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49164
dead_host 23.224.196.180:59978
dead_host 192.168.56.103:49169
dead_host 192.168.56.103:49167
dead_host 192.168.56.103:49166