Summary | ZeroBOX

111.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Aug. 5, 2024, 7:45 a.m.
Completed Aug. 5, 2024, 7:49 a.m.
Size 25.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 89b20c121c799ab935bca4ce11e94b5b
SHA256 5d21f768784b90fb7cd102077b0119af94acc15e57664a6b5372b67997792364
CRC32 E6C6C2B1
ssdeep 384:va7YyEUQnBxYA1lq3VWFdhZVG0UgqGFNi:vFUaxYnkFfZVr
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status
124.221.120.25 Active
164.124.101.2 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status 1 Return 1 Repeated 0
__exception__

stacktrace:

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x600061
registers.r14: 1453503984
registers.r15: 2748028
registers.rcx: 110
registers.rsi: 463856468078
registers.r10: 0
registers.rbx: 6292010
registers.rsp: 2290232
registers.r11: 514
registers.r8: 8791744913672
registers.r9: 0
registers.rdx: 2004821600
registers.r12: 2800204
registers.rbp: 6291515
registers.rdi: 0
registers.rax: 0
registers.r13: 5418096
Status 1 Return 0 Repeated 0
NtProtectVirtualMemory

process_identifier: 1680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000600000
process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0
NtProtectVirtualMemory

process_identifier: 1680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00000000004c0000
process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0
host 124.221.120.25
WriteProcessMemory

buffer: (raw binary data)
base_address: 0x0000000000600000
process_identifier: 1680
process_handle: 0xffffffffffffffff
Status 1 Return 1 Repeated 0
dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49170
dead_host 124.221.120.25:6555
dead_host 192.168.56.103:49173
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49164
dead_host 192.168.56.103:49169
dead_host 192.168.56.103:49167
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49166