Summary | ZeroBOX

Ghost_0x000263826B9A9B91.exe

UPX, OS Processor Check, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 17, 2024, 1:30 p.m.
Completed Sept. 17, 2024, 2:30 p.m.
Size 1.4MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 11df28c910c9d9127a7e7054e9cadf1f
SHA256 a695cb493631962a4c2fd61a094cb0b952ce708a99af714772cddd4991f32df0
CRC32 A9A60537
ssdeep 24576:LpJCo0KkQWUI2kF2y8flgQ8QDiWeTmt5WFcnKaCizpf:y462e2ZUQDiJnSnKad
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

__exception__

stacktrace:
ghost_0x000263826b9a9b91+0x10690c @ 0x13f54690c
ghost_0x000263826b9a9b91+0x12f7 @ 0x13f4412f7
ghost_0x000263826b9a9b91+0x13e6 @ 0x13f4413e6
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: f3 aa 48 89 ca 49 89 f8 4c 89 85 68 51 00 00 48
exception.symbol: ghost_0x000263826b9a9b91+0x10690c
exception.instruction: stosb byte ptr [rdi], al
exception.module: Ghost_0x000263826B9A9B91.exe
exception.exception_code: 0xc0000005
exception.offset: 1075468
exception.address: 0x13f54690c
registers.r14: 0
registers.r15: 0
registers.rcx: 13844
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2883264
registers.r11: 582
registers.r8: 103060
registers.r9: 2776032
registers.rdx: 45952
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status 1 | Return 0 | Repeated 0
Bkav | W32.Common.2F3153E1
Lionic | Trojan.Win32.Dapato.b!c
Skyhigh | Artemis!Trojan
ALYac | Trojan.GenericKD.73959170
Cylance | Unsafe
VIPRE | Trojan.GenericKD.73959170
Sangfor | Dropper.Win32.Agent.Vy46
BitDefender | Trojan.GenericKD.73959170
Arcabit | Trojan.Generic.D4688702
VirIT | Trojan.Win64.Agent.HHB
Symantec | Trojan.Gen.MBT
APEX | Malicious
Avast | Win64:DropperX-gen [Drp]
Kaspersky | Trojan-Dropper.Win32.Dapato.saon
Alibaba | TrojanDropper:Win32/Dapato.464c92b9
MicroWorld-eScan | Trojan.GenericKD.73959170
Rising | Dropper.Dapato!8.2A2 (CLOUD)
Emsisoft | Trojan.GenericKD.73959170 (B)
TrendMicro | Trojan.Win64.AMADEY.YXEH2Z
McAfeeD | ti!A695CB493631
CTX | exe.trojan.dapato
Sophos | Mal/Generic-S
FireEye | Trojan.GenericKD.73959170
Webroot | W32.Trojan.GenKD
Google | Detected
Antiy-AVL | Trojan[Dropper]/Win32.Dapato
Kingsoft | Win32.Troj.Unknown.a
Gridinsoft | Ransom.Win64.Wacatac.ca
Microsoft | Trojan:Win32/Wacatac.B!ml
ViRobot | Trojan.Win.Z.Agent.1501184.B
ZoneAlarm | Trojan-Dropper.Win32.Dapato.saon
GData | Trojan.GenericKD.73959170
Varist | W64/ABTrojan.JHXG-4849
AhnLab-V3 | Dropper/Win.DropperX-gen.C5663779
McAfee | Artemis!11DF28C910C9
DeepInstinct | MALICIOUS
Panda | Trj/Chgt.AD
TrendMicro-HouseCall | Trojan.Win64.AMADEY.YXEH2Z
Tencent | Malware.Win32.Gencirc.11c6c204
Fortinet | W32/PossibleThreat
AVG | Win64:DropperX-gen [Drp]
Paloalto | generic.ml
alibabacloud | Trojan[dropper]:Win/Dapato.sddp