Summary | ZeroBOX

66d17d49c93d8_main.exe

Malicious Library, UPX, Malicious Packer, Anti_VM, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started Sept. 2, 2024, 10:12 a.m.
Completed Sept. 2, 2024, 10:35 a.m.
Size 7.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 01a3155b62c88c17d864f9fd78745902
SHA256 82475d4397b6d833a0b170945b7fb607eb82e3609dc35dc51f04884be3a91155
CRC32 53B100E2
ssdeep 98304:uc+40VBpa8viCvKTkPEuCMSwmh2L1wwPBEJ6kZDvoadMy:2pVBpa8viCqkMutmcuwqJ6k1gY
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
section /19: size_of_data 0x0006de00, virtual_address 0x005c9000, virtual_size 0x0006dc82, entropy 7.996079171264405, description: A section with a high entropy has been found
section /32: size_of_data 0x00017200, virtual_address 0x00637000, virtual_size 0x00017051, entropy 7.936670976715747, description: A section with a high entropy has been found
section /65: size_of_data 0x000ec400, virtual_address 0x00650000, virtual_size 0x000ec263, entropy 7.9983769762169565, description: A section with a high entropy has been found
section /78: size_of_data 0x0008bc00, virtual_address 0x0073d000, virtual_size 0x0008ba89, entropy 7.9947467016500005, description: A section with a high entropy has been found
section /90: size_of_data 0x00029a00, virtual_address 0x007c9000, virtual_size 0x0002995a, entropy 7.810915654573357, description: A section with a high entropy has been found
entropy 0.276835093012 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Agentb.X!c
Skyhigh BehavesLike.Win64.Smokeloader.wh
VIPRE Trojan.GenericKD.73974738
Sangfor Trojan.Win32.Agent.Vrdh
BitDefender Trojan.GenericKD.73974738
Arcabit Trojan.Generic.D468C3D2
Symantec ML.Attribute.HighConfidence
ESET-NOD32 WinGo/TrojanDownloader.Agent.JN
McAfee Artemis!01A3155B62C8
Kaspersky Trojan.Win64.Agentb.lamw
MicroWorld-eScan Trojan.GenericKD.73974738
Emsisoft Trojan.GenericKD.73974738 (B)
TrendMicro Trojan.Win64.PRIVATELOADER.YXEH4Z
McAfeeD ti!82475D4397B6
FireEye Trojan.GenericKD.73974738
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Google Detected
MAX malware (ai score=86)
Gridinsoft Spy.Win64.Gen.tr
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan.Win64.Agentb.lamw
GData Trojan.GenericKD.73974738
AhnLab-V3 Trojan/Win.Malware-gen.C5663260
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4255286112
Ikarus Trojan.WinGo.Rozena
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win64.PRIVATELOADER.YXEH4Z
huorong TrojanDownloader/Agent.bcd
MaxSecure Trojan.Malware.300983.susgen
Fortinet Malicious_Behavior.SB
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (D)