Summary | ZeroBOX

ghc7.exe

UPX Malicious Library OS Processor Check PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 13, 2024, 5:05 p.m. Sept. 13, 2024, 5:07 p.m.
Size 1.9MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 8f0f4ac2337ac290e4cd09dde03664ce
SHA256 8d89bc9e20d0ef06258026fce8c5538c1e4e82ac4c643a207bb135321b44e2e9
CRC32 DA4F48B2
ssdeep 24576:tIx9zs2z0/ppLj3YSL0hvSO8yQJOt7SN5MhVk/l4sNt9w:8z0/3j3YSwGyQJOt7YKV+l4sNt9w
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .rodata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
Mac+0x32c ghc7+0x19fc @ 0x4019fc
Mac+0x21 ghc7+0x16f1 @ 0x4016f1
Mac+0xd ghc7+0x16dd @ 0x4016dd
Mac-0x158 ghc7+0x1578 @ 0x401578

exception.instruction_r: f2 ae 48 89 c8 48 f7 d0 48 83 e8 01 89 45 e4 48
exception.symbol: Mac+0x32c ghc7+0x19fc
exception.instruction: scasb al, byte ptr [rdi]
exception.module: ghc7.exe
exception.exception_code: 0xc0000005
exception.offset: 6652
exception.address: 0x4019fc
registers.r14: 1
registers.r15: 39866560
registers.rcx: -1
registers.rsi: 16185840
registers.r10: 0
registers.rbx: 4200144
registers.rsp: 14081160
registers.r11: 514
registers.r8: 14078168
registers.r9: 14078224
registers.rdx: 0
registers.r12: 39862424
registers.rbp: 39867240
registers.rdi: 5059032
registers.rax: 0
registers.r13: 5243608
1 0 0