Summary | ZeroBOX

66d7540419a3a_installer.exe

Tags: UPX, Malicious Library, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 4, 2024, 9:31 a.m.
Completed Sept. 4, 2024, 9:33 a.m.
Size 4.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 9a0770b61e54640630a3c8542c5bc7ac
SHA256 9526753470158f5c148ba6c12f2dbd0f77cbe830ace567c44b5399d0e05b2b0c
CRC32 FE78B3B5
ssdeep 98304:wy5/EENF6+Gdav+NqOb1pdHwbsMnKMpgMFboMhW2qIYPyDFG4Z5yJSO3oa:hVzNGdbpBwoMnKMpgWoMhW2jg4LyJv3X
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behaviour (columns as reported: Time & API, Arguments, Status, Return, Repeated)

IsDebuggerPresent
arguments: none
reported values: 0 0
__exception__

stacktrace:
  0x3a2f04
  0x30  (repeated 63 times; 0x30 lies in the low 64 KiB that Windows never maps in user mode, so these entries are not return addresses and the stack walk is unusable past the faulting frame)

exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 c1 76
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.symbol: (none resolved)
exception.address: 0x3a2f04

Note: the faulting instruction is a 6-byte RIP-relative indirect call, so the target pointer it reads sits at 0x3a2f0a + 0x91f16 = 0x434e20. The exception address is the call instruction itself rather than a call target, which points at that pointer read (or the return-address push) faulting, not at a non-executable destination.

registers (decimal as reported, hex added):
r14: 4154658 (0x3f6522)
r15: 4159024 (0x3f7630)
rcx: 284 (0x11c)
rsi: 4473584 (0x4442f0)
r10: 0
rbx: 0
rsp: 1243304 (0x12f8a8)
r11: 1245072 (0x12ff90)
r8: 1994752396 (0x76e5818c)
r9: 0
rdx: 300 (0x12c)
r12: 4155680 (0x3f6920)
rbp: 1243440 (0x12f930)
rdi: 284 (0x11c)
rax: 3813120 (0x3a2f00)
r13: 0

status 1, return 0, repeated 0
NtProtectVirtualMemory

process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff ((HANDLE)-1, the calling process itself)

status 1, return 0, repeated 0

One 4 KiB page of the process's own address space is made readable, writable and executable at once. Writable-and-executable memory is what in-place unpacking, decryption or code patching needs; the report records a single such change and no stack pivot or DEP-bypass heuristics fired.
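The three behaviour records above can be checked mechanically. The following Python is an added example, not ZeroBOX's code: it reproduces the records as constructed dictionaries (field names copied from the report; the IsDebuggerPresent return value, the severities and the 64 KiB stack sanity rule are this example's own assumptions), decodes the faulting `ff 15` call to the slot it reads its target from (0x3a2f0a + 0x91f16 = 0x434e20), flags the run of 0x30 stack frames as unusable, and flags the RWX protection change made in the process's own address space.

```python
# Added example, not ZeroBOX code: triage Cuckoo/ZeroBOX-style behaviour records.
# EVENTS is constructed here in the report's field names; the IsDebuggerPresent
# return value, the severities and the 64 KiB stack rule are this example's own.
import struct

PAGE_EXECUTE_READWRITE = 0x40            # documented Win32 protection constants
PAGE_EXECUTE_WRITECOPY = 0x80
CURRENT_PROCESS = 0xFFFFFFFFFFFFFFFF     # (HANDLE)-1, what GetCurrentProcess() returns
STATUS_ACCESS_VIOLATION = 0xC0000005

EVENTS = [
    {"api": "IsDebuggerPresent", "arguments": {}, "return_value": 0},   # return value assumed
    {"api": "__exception__",
     "stacktrace": ["0x3a2f04"] + ["0x30"] * 63,
     "exception": {"instruction_r": "ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 c1 76",
                   "instruction": "call qword ptr [rip + 0x91f16]",
                   "exception_code": "0xc0000005", "address": "0x3a2f04"}},
    {"api": "NtProtectVirtualMemory",
     "arguments": {"process_handle": "0xffffffffffffffff",
                   "base_address": "0x000000007304c000", "length": 4096, "protection": 64},
     "return_value": 0},
]


def rip_relative_call_target(address: int, instr_bytes: bytes):
    """For `ff 15 disp32` (call qword ptr [rip+disp32]) at `address`, return the
    slot the CPU reads the target pointer from; None for any other opcode. disp32
    is relative to the next instruction, so the 6-byte length is added first."""
    if len(instr_bytes) < 6 or instr_bytes[:2] != b"\xff\x15":
        return None
    return address + 6 + struct.unpack_from("<i", instr_bytes, 2)[0]


def stack_frames_sane(stacktrace):
    """Windows never maps the low 64 KiB of user space, so frames below 0x10000
    cannot be return addresses. Returns (all_sane, count_of_bogus_frames)."""
    bogus = sum(1 for f in stacktrace if int(f, 16) < 0x10000)
    return bogus == 0, bogus


def triage(events):
    """Map each record to a (severity, finding) tuple; unknown APIs are skipped."""
    findings = []
    for ev in events:
        api, args = ev.get("api"), ev.get("arguments", {})
        if api == "IsDebuggerPresent":
            findings.append(("low", f"{api} called, returned {ev.get('return_value')}"))
        elif api == "NtProtectVirtualMemory":
            prot = args.get("protection", 0) & 0xFF         # strip PAGE_GUARD and friends
            if prot in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY):
                own = int(args.get("process_handle", "0"), 16) == CURRENT_PROCESS
                where = "own process" if own else "remote process"
                findings.append(("medium", f"RWX page: {args['length']} bytes at "
                                           f"{args['base_address']} in {where}"))
        elif api == "__exception__":
            exc = ev["exception"]
            code, addr = int(exc["exception_code"], 16), int(exc["address"], 16)
            note = f"exception 0x{code:08x} at 0x{addr:x}: {exc['instruction']}"
            slot = rip_relative_call_target(addr, bytes.fromhex(exc["instruction_r"]))
            if slot is not None:
                note += f"; indirect call reads its target pointer from 0x{slot:x}"
            ok, bogus = stack_frames_sane(ev.get("stacktrace", []))
            if not ok:
                note += f"; stack walk unusable ({bogus} frames below 0x10000)"
            findings.append(("high" if code == STATUS_ACCESS_VIOLATION else "medium", note))
    return findings
```

triage(EVENTS) yields one finding per record; the exception finding carries the computed slot address 0x434e20 and the count of bogus frames, which is the quickest way to tell a genuine crash site from an unwinder that gave up.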
Dropped file: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\setup_app.dll (7ZipSfx.NNN is the temp directory a 7-Zip SFX stub extracts its archive into, which identifies the installer as a 7-Zip self-extracting archive carrying setup_app.dll)
Static signature: packed or encrypted data
section .rsrc: size_of_data 0x00010800, virtual_address 0x00028000, virtual_size 0x000107f2, entropy 6.9965 (A section with a high entropy has been found)
overall: 0.3220 (Overall entropy of this PE file is high). This second value is not a Shannon entropy but the share of the file's raw section data held in high-entropy sections, here the 0x10800 bytes of .rsrc out of roughly 0x33400 bytes of section data in total. Almost all of the 4.8 MB file therefore lies outside the section table as overlay, which fits a self-extracting archive.
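The UPX / PE64 / PE File tags and the two entropy marks above are all derived from the PE header and section table. The following Python is an added example, not ZeroBOX's or the Cuckoo signature's own code: it builds a small PE32+ image in memory (constructed data, not this sample), parses the section table, scores each section's Shannon entropy and reproduces both marks, treating the 6.8 per-section and 0.2 overall thresholds as assumptions. Against a real file, parse_pe(open(path, "rb").read()) yields the same fields as the section line above.

```python
# Added example, not ZeroBOX/Cuckoo code: parse a PE32+ section table, score each
# section's Shannon entropy and derive the two marks the report shows. The PE image
# is constructed in memory; the 6.8 / 0.2 thresholds are assumed.
import hashlib
import math
import struct

HIGH_ENTROPY = 6.8   # assumed per-section threshold, bits per byte
HIGH_RATIO = 0.2     # assumed share of raw data that must be high-entropy


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def deterministic_noise(size: int, seed: bytes) -> bytes:
    """Packed-looking filler from a SHA-256 chain (deterministic, runs offline)."""
    out, block = bytearray(), seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:size])


def build_pe64(sections):
    """Minimal PE32+ image for [(name, bytes), ...]: MZ stub, PE header, section
    table, raw data. Only the fields parse_pe reads are populated."""
    file_align, opt_size, pe_off = 0x200, 240, 0x40      # 240: PE32+ optional header
    raw_off = -(-(pe_off + 24 + opt_size + 40 * len(sections)) // file_align) * file_align
    hdr = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", hdr, 0x3C, pe_off)                              # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                                  # PE32+ magic
    hdr += opt
    body, va = bytearray(), 0x1000
    for name, data in sections:
        raw_size = -(-len(data) // file_align) * file_align
        hdr += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, raw_size,
                           raw_off + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        va += -(-raw_size // 0x1000) * 0x1000
    return bytes(hdr.ljust(raw_off, b"\0") + body)


def parse_pe(image: bytes):
    """Return (is_pe64, sections) from e_lfanew, the COFF header, the optional-header
    magic and the section table; nothing else in the file is trusted."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    is_pe64 = struct.unpack_from("<H", image, pe_off + 24)[0] == 0x20B   # PE32+ magic
    sections, off = [], pe_off + 24 + opt_size
    for _ in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize, "size_of_data": raw_size,
                         "entropy": shannon_entropy(image[raw_ptr:raw_ptr + raw_size])})
        off += 40
    return is_pe64, sections


def packer_entropy_marks(sections):
    """The report's two marks: one per high-entropy section, plus an overall mark whose
    'entropy' value is the share of raw section data that is high-entropy (a ratio)."""
    marks, total, high = [], 0, 0
    for s in sections:
        total += s["size_of_data"]
        if s["entropy"] > HIGH_ENTROPY:
            high += s["size_of_data"]
            marks.append({"section": s["name"], "entropy": s["entropy"],
                          "description": "A section with a high entropy has been found"})
    ratio = high / total if total else 0.0
    if ratio > HIGH_RATIO:
        marks.append({"entropy": ratio, "description": "Overall entropy of this PE file is high"})
    return ratio, marks


def upx_section_names(sections):
    """UPX's stock section names, a cheap companion check to the UPX Yara tag."""
    return [s["name"] for s in sections if s["name"].startswith("UPX")]


# Constructed sample: a packed-looking section beside a plain-text resource section.
SAMPLE_PE = build_pe64([
    ("UPX1", deterministic_noise(0x1000, b"zerobox-example")),
    (".rsrc", (b"Copyright notice, version strings and other resources. " * 200)[:0x2000]),
])
```

On SAMPLE_PE, parse_pe reports a PE32+ image whose UPX1 section scores close to 8 bits per byte while .rsrc stays near 4, and packer_entropy_marks returns a ratio of one third (0x1000 of 0x3000 bytes), so both marks fire exactly as they do for the sample above.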
Antivirus results (Vendor Detection)
Bkav W64.AIDetectMalware
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win64/Packed.Agent_AGen.G suspicious
NANO-Antivirus Virus.Win64.Virut-Gen.bwpxnc
Rising Malware.SwollenFile!1.E38A (CLASSIC)
F-Secure Trojan:W32/GenInflated.B
DrWeb Program.Unwanted.5511
Zillya Trojan.Donut.Win64.2532
McAfeeD ti!952675347015
Jiangmin HackTool.MSIL.dwk
Gridinsoft PUP.Win64.BundleInstaller.mz!c
Paloalto generic.ml