popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

public.exe

Malicious Packer UPX OS Processor Check PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 6, 2024, 9:20 a.m. Aug. 6, 2024, 9:27 a.m.
Size 29.5KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 099b959c7202e63afb435cb3bbbf25c8
SHA256 494e94d57ca2260c30b5d52ac414a2c8600eab38d08edb273832cee82685e1d8
CRC32 9378464A
ssdeep 384:1hILRmKwRxYaK666Q39pNiJBuXMFAqIqIr4ahKaYfziTz+3jpYd/Pt4T:1hILRmKwR2aZW9zilFd+zSOTS3Ko
PDB Path E:\source\SSP_Exec\x64\Release\SSP_Exec.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path E:\source\SSP_Exec\x64\Release\SSP_Exec.pdb
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
public+0x14a9 @ 0x13faf14a9
public+0x176d @ 0x13faf176d
public+0x3110 @ 0x13faf3110
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 0f b6 01 48 8b f9 0f b6 51 01 3a c2 75 05 80 fa
exception.symbol: public+0x14a9
exception.instruction: movzx eax, byte ptr [rcx]
exception.module: public.exe
exception.exception_code: 0xc0000005
exception.offset: 5289
exception.address: 0x13faf14a9
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 279949729737217
registers.rbx: 0
registers.rsp: 3145440
registers.r11: 279946199973953
registers.r8: 3930192
registers.r9: 8791596062888
registers.rdx: 3934192
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 8791596283928
registers.r13: 0
1 0 0
Elastic malicious (moderate confidence)
APEX Malicious
McAfeeD ti!494E94D57CA2
Microsoft Trojan:Win32/Casdet!rfn