popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ven_protected.exe

Generic Malware UPX Anti_VM PE File PE32 .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 26, 2024, 9:27 a.m. Aug. 26, 2024, 9:29 a.m.
Size 6.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d0dd63b98bf3d7e52600b304cdf3c174
SHA256 023f2601d314d0fc9bd5a6992d33194ae1c71a559ac3c132406f2e0b88cd83d2
CRC32 EC86FB73
ssdeep 98304:IN5yA1a7c5z8Rlj3GmWEjH/XfxYzLgKK8o0wu1OudrlKv7G1Q6:ysN7HjPigKZpw+07G1b
Yara
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
62.113.117.95 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section
section .imports
section .themida
section {u'size_of_data': u'0x0000876a', u'virtual_address': u'0x00002000', u'entropy': 7.9725599659340505, u'name': u' ', u'virtual_size': u'0x00012000'} entropy 7.97255996593 description A section with a high entropy has been found
section {u'size_of_data': u'0x0000a400', u'virtual_address': u'0x00014000', u'entropy': 7.178108226554099, u'name': u'.rsrc', u'virtual_size': u'0x0000a398'} entropy 7.17810822655 description A section with a high entropy has been found
host 62.113.117.95
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Skyhigh BehavesLike.Win32.Worm.vh
Cylance Unsafe
Sangfor Ransom.Win32.Save.a
VirIT Win95.Marburg
Symantec ML.Attribute.HighConfidence
APEX Malicious
McAfee Artemis!D0DD63B98BF3
Kaspersky UDS:DangerousObject.Multi.Generic
McAfeeD Real Protect-LS!D0DD63B98BF3
Trapmine malicious.high.ml.score
FireEye Generic.mg.d0dd63b98bf3d7e5
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
Google Detected
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Heur!.030100A1
Microsoft Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
Varist W32/Trojan.YJEH-0980
BitDefenderTheta Gen:NN.ZexaF.36812.@x0@aK6s7ef
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Ikarus Trojan.Win32.Themida
Zoner Probably Heur.ExeHeaderL
MaxSecure Trojan.Malware.300983.susgen
CrowdStrike win/malicious_confidence_100% (W)
dead_host 192.168.56.101:49268
dead_host 62.113.117.95:4449
dead_host 192.168.56.103:22