Summary | ZeroBOX

Nezur.exe

UPX Malicious Packer ftp PE64 PE File OS Processor Check
Category  Machine           Started                   Completed
FILE      s1_win7_x6403_us  Sept. 3, 2024, 9:27 a.m.  Sept. 3, 2024, 9:38 a.m.
Size 2.1MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 d6f133dee71ed4c119a2d2aaf4cf3a69
SHA256 3c1ada57fbbe1a5fe4e56ab89545f9c38b888676ef303ffb2934d289937af83d
CRC32 E087101F
ssdeep 24576:KXvvlrWIK0D/bUGtJlLlXTJqOYEorty9ANVKOgTzCEkXuaMUMzSTN:akI9DzUGtJlLlXF/tX9CvIaMUMzS
PDB Path D:\vs_source_files\rbx-external-base\Build\Esp\external-sdk.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: D:\vs_source_files\rbx-external-base\Build\Esp\external-sdk.pdb
section: .rdata (virtual_address 0x00181000, virtual_size 0x00092074, size_of_data 0x00092200, entropy 6.84761887776995) - A section with a high entropy has been found
entropy: 0.267873510541 - Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.GameHack.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Dropper.vh
ALYac Gen:Variant.Tedy.530662
Cylance Unsafe
VIPRE Gen:Variant.Tedy.530662
Sangfor Trojan.Win64.Tedy.Vl79
K7AntiVirus Unwanted-Program ( 005a9cef1 )
BitDefender Gen:Variant.Tedy.530662
K7GW Unwanted-Program ( 005a9cef1 )
Cybereason malicious.ee71ed
Arcabit Trojan.Tedy.D818E6
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GameHack_AGen.OY potentially unsafe
APEX Malicious
McAfee Artemis!D6F133DEE71E
Avast FileRepMalware [Misc]
MicroWorld-eScan Gen:Variant.Tedy.530662
Rising Trojan.Znyonm!8.18A3A (CLOUD)
Emsisoft Gen:Variant.Tedy.530662 (B)
McAfeeD ti!3C1ADA57FBBE
FireEye Gen:Variant.Tedy.530662
Sophos Generic Reputation PUA (PUA)
Webroot W32.Hacktool.Riskware
Google Detected
MAX malware (ai score=89)
Antiy-AVL RiskWare/Win64.Gamehack
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win64/Tedy!pz
GData Gen:Variant.Tedy.530662
AhnLab-V3 Trojan/Win.Generic.R639625
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3943008033
Ikarus Gen.Whisperer
TrendMicro-HouseCall TROJ_GEN.R002H09BQ24
Yandex Riskware.Agent!4iQ61fRbwVc
MaxSecure Trojan.Malware.232338868.susgen
Fortinet Adware/GameHack_AGen
AVG FileRepMalware [Misc]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (W)
alibabacloud Trojan:Win/Tedy.Gen