Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 22, 2024, 3:07 p.m.	Sept. 22, 2024, 3:21 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1734e1fd7e4ca651b03421c5a75441e9`
SHA256	`c57490943138ebd0c8f502924019042a60f84581bf30a3043e978e6879685b0f`
CRC32	`5DFF4163`
ssdeep	`49152:8aPgOSRlqQWfCAh5xsT/8+yCq/WU+94ewljNTZHE:8MMluqAh5xsTmCirUwljo`
PDB Path	D:\Projects\C++\GameConfig\KiemTheConfig\Release\KiemTheConfig.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer ASPack_Zero - ASPack packed file Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

D:\Projects\C++\GameConfig\KiemTheConfig\Release\KiemTheConfig.pdb

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 22, 2024, 3:06 p.m.		1	1	0

resource name

PNG

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 22, 2024, 3:06 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73332000 process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x0001d200', u'virtual_address': u'0x0018b000', u'entropy': 7.43621328399981, u'name': u'.rsrc', u'virtual_size': u'0x0001d090'}

entropy

7.436213284

description

A section with a high entropy has been found

config.exe