popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

crypted.exe

PE32 PE File .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 19, 2024, 2:19 p.m. Aug. 19, 2024, 2:50 p.m.
Size 323.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 89f8854b55c785c3ff89726b7e763a33
SHA256 723c7c5bc5230f61d41202f35f78618656865646cfa7a6f5e50ba02ae9d4f465
CRC32 6284287F
ssdeep 6144:wWMfdOo4X5KBBjNcC2FUFf8oqrNWx51mRpoWaHNrp9FAhSa83LhJAhYHOGrdMEO:adb4X5KSUF90NcPNXFAhJcrdMEO
PDB Path c:\5t6lsdgfzhemf\obj\Release\G.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
pdb_path c:\5t6lsdgfzhemf\obj\Release\G.pdb
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008d0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ab0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f32000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02080000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02200000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00462000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00495000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0049b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00497000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0047c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0046a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0004dc00', u'virtual_address': u'0x00002000', u'entropy': 7.994334972595286, u'name': u'.text', u'virtual_size': u'0x0004da24'} entropy 7.9943349726 description A section with a high entropy has been found
entropy 0.993610223642 description Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Stealerc.1m!c
Elastic malicious (high confidence)
Skyhigh Artemis!Trojan
Cylance Unsafe
Sangfor Infostealer.Msil.Agent.Vtx9
K7AntiVirus Unwanted-Program ( 700000121 )
BitDefender Gen:Variant.Lazy.588785
K7GW Unwanted-Program ( 700000121 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/GenKryptik.HATD
APEX Malicious
McAfee Artemis!89F8854B55C7
Avast FileRepMalware [Pws]
Kaspersky HEUR:Trojan-PSW.MSIL.Stealerc.gen
MicroWorld-eScan Gen:Variant.Lazy.588785
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:WVAOMakq2lZGx6y9+5we0g)
Emsisoft Gen:Variant.Lazy.588785 (B)
McAfeeD ti!723C7C5BC523
FireEye Generic.mg.89f8854b55c785c3
Sophos Mal/MSIL-KC
SentinelOne Static AI - Malicious PE
Google Detected
MAX malware (ai score=84)
Kingsoft MSIL.Trojan-PSW.Stealerc.gen
Gridinsoft Malware.Win32.RedLine.tr
Microsoft Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm HEUR:Trojan-PSW.MSIL.Stealerc.gen
GData Gen:Variant.Lazy.588785
BitDefenderTheta Gen:NN.ZemsilF.36812.um2@amZFqzb
DeepInstinct MALICIOUS
huorong Trojan/MSIL.Agent.li
AVG FileRepMalware [Pws]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (D)