Summary | ZeroBOX

loader.exe

Antivirus UPX Anti_VM PE64 PE File OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started Aug. 11, 2024, 2:32 p.m.
Completed Aug. 11, 2024, 3:47 p.m.
Size 2.0MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 fd5cebded11fb4fe38b5a1fe259414ae
SHA256 04bf9303bcb11032a3e803ad4d11231b5ab6913edf38d58ea03f47180510550b
CRC32 ABCF7C5E
ssdeep 49152:3bTcJn5/GD+lmAC8n68IONNXPXj3nje5m4RxkcU5d:9izeoYxk/5d
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .data (virtual_address 0x00112000, virtual_size 0x000dfc70, size_of_data 0x000dee00, entropy 6.816273883281697) - A section with a high entropy has been found
entropy 0.439487305891 - Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.GameHack.4!c
Elastic malicious (moderate confidence)
Skyhigh BehavesLike.Win64.Downloader.th
Cylance Unsafe
Sangfor Trojan.Win32.Gamehack.Vckm
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GameHack.JJ potentially unsafe
APEX Malicious
McAfee Artemis!FD5CEBDED11F
McAfeeD ti!04BF9303BCB1
Sophos Generic Reputation PUA (PUA)
Google Detected
Antiy-AVL RiskWare/Win64.Gamehack
AhnLab-V3 Trojan/Win.Generic.C5569595
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4288902588
Ikarus Trojan.Win32.Generic
Fortinet Adware/GameHack
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (W)
alibabacloud Trojan:Win/GameHack.f4450aaa