Summary | ZeroBOX

66ed0c1bc99a0_setup333.exe#lyla

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 21, 2024, 1:47 p.m.
Completed: Sept. 21, 2024, 1:51 p.m.
Size: 270.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 55cf0ba0a65d11eee638b11ba9e2f3a1
SHA256: a2b8d4f469a7b8c8900df12569de67f5c8cb68e68177d482ff7ccfe9d580101b
CRC32: CD5C3B2D
ssdeep: 6144:tDN0YXMIebj1xc/2K1OIoZ8yruBSXMPoiHzWZVfPybyX86EsUY:t+/IebS2sOZZ8yruBSXMPohPyi8j
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Unusual PE section names:
  • .yupehek
  • .bigo
  • .lud
  • .welo
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 1984
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 180224
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x028c2000
  process_handle: 0xffffffff
  status: 1
  return: 0
  repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1984
  region_size: 45056
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00360000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status: 1
  return: 0
  repeated: 0
Entropy signatures

A section with a high entropy has been found:
  section .text: size_of_data 0x00033200, virtual_address 0x00001000, virtual_size 0x00033164, entropy 7.89698033402

Overall entropy of this PE file is high: 0.758812615955
Antivirus detections (Vendor / Detection)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.P5
Skyhigh BehavesLike.Win32.Generic.dc
Cylance Unsafe
VIPRE Gen:Variant.Cerbu.215335
Sangfor Ransom.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Gen:Variant.Cerbu.215335
K7GW Trojan ( 005579741 )
K7AntiVirus Trojan ( 00516fdf1 )
Arcabit Trojan.Cerbu.D34927
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Avast FileRepMalware [Pws]
ClamAV Win.Packer.pkr_ce1a-9980177-0
MicroWorld-eScan Gen:Variant.Cerbu.215335
Rising Trojan.Kryptik@AI.90 (RDML:JL6MBZ2RYHkTVzlVH4jMkA)
Emsisoft Gen:Variant.Cerbu.215335 (B)
McAfeeD ti!A2B8D4F469A7
Trapmine malicious.moderate.ml.score
CTX exe.trojan.generic
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.55cf0ba0a65d11ee
Google Detected
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.SmokeLoader.tr
Microsoft Trojan:Win32/Znyonm
GData Gen:Variant.Cerbu.215335
Varist W32/Kryptik.MIZ.gen!Eldorado
McAfee Artemis!55CF0BA0A65D
DeepInstinct MALICIOUS
VBA32 Trojan.Buzus
Malwarebytes Malware.Heuristic.2114
Ikarus Win32.Outbreak
Tencent Trojan.Win32.Obfuscated.gen
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware [Pws]
Paloalto generic.ml