Summary | ZeroBOX

df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0.exe.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE File, PE32

Category: FILE
Machine: s1_win7_x6401
Started: Sept. 30, 2024, 9:32 a.m.
Completed: Sept. 30, 2024, 9:38 a.m.
Size 113.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 88e6a85ea94ea57fd35704b9b6e67358
SHA256 df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0
CRC32 B95B2F5B
ssdeep 3072:x+PkbTWYtBzNgnbRh6JuB/fFDkjjdqxEIe8mXbdMP73:Is2cBCbRdB/fFDkjXIHj3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

__exception__

stacktrace:
df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0+0x3eda @ 0x923eda
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.module: df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0.exe.exe
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.address: 0x926b60
exception.offset: 27488 (0x6b60, so the module was mapped at 0x926b60 - 0x6b60 = 0x920000)
exception.symbol: df93b51dfce7f3f780fe6544a2db728672b9df4e76f2e61be21c87d6d782cce0+0x6b60
exception.instruction: cmp dword ptr [0x41779c], 0
exception.instruction_r: 83 3d 9c 77 41 00 00 75 2a 8d 85 38 ff ff ff 50

The access violation is a read of the hard-coded absolute address 0x41779c, which lies in the default PE32 image range (ImageBase 0x400000; the report does not show the header, so this is inferred), while the module was actually loaded at 0x920000. That pattern is consistent with the image being mapped at a non-preferred base without its absolute references being relocated, so the sample faults on its first fixed-address data access. The trailing bytes decode to the instructions that would have run next (75 2a = jne +0x2a; 8d 85 38 ff ff ff = lea eax, [ebp-0xc8]; 50 = push eax). Because this exception is the only API event recorded and no hosts were contacted, the run says little about the payload's intended behaviour; rerunning with the sample mapped at its preferred base (ASLR disabled on the guest, or the DYNAMICBASE characteristic cleared in the PE header) is the natural next check.
registers.esp: 2686232 (0x0028fd18)
registers.edi: 0 (0x00000000)
registers.eax: 1968976824 (0x755c33b8, inside kernel32)
registers.ebp: 2686432 (0x0028fde0)
registers.edx: 9584325 (0x00923ec5, inside the sample's image)
registers.ebx: 2130567168 (0x7efde000)
registers.esi: 0 (0x00000000)
registers.ecx: 0 (0x00000000)
Status: 1 / Return: 0 / Repeated: 0
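The following script is an added example (editor-written, not ZeroBOX or Cuckoo output) that triages the exception record above mechanically: it recovers the runtime load address from address minus offset, decodes the `83 3D disp32 ib` encoding to read the memory operand the fault is attributed to, and decides whether that operand points into the preferred image range, the runtime image range, or neither. The preferred ImageBase (0x400000) and the image size (0x20000, .rsrc's virtual address plus virtual size rounded up to 64 KiB) are assumptions the report does not state; the register converter only reformats the decimal values Cuckoo dumps.

```python
# Added example: triage of the __exception__ record in this report.
# Editor-written, not ZeroBOX/Cuckoo output. PREFERRED_BASE and IMAGE_SIZE
# are assumptions; the report does not show the PE header.
import struct

PREFERRED_BASE = 0x400000   # assumption: default PE32 ImageBase
IMAGE_SIZE = 0x20000        # assumption: .rsrc 0x18000 + 0x7804 = 0x1F804, rounded up

# Values copied from the report's exception record.
EXC_ADDRESS = 0x926B60
EXC_OFFSET = 27488          # report gives the module-relative offset in decimal (0x6B60)
EXC_BYTES = bytes.fromhex("83 3d 9c 77 41 00 00 75 2a 8d 85 38 ff ff ff 50")
REGISTERS = {"esp": 2686232, "edi": 0, "eax": 1968976824, "ebp": 2686432,
             "edx": 9584325, "ebx": 2130567168, "esi": 0, "ecx": 0}


def runtime_base(address, offset):
    """Module load address = faulting VA - module-relative offset."""
    return address - offset


def decode_cmp_mem32_imm8(code):
    """Decode `83 3D disp32 ib` = cmp dword ptr [disp32], imm8 (32-bit mode).

    Returns (disp32, imm8, length). Only this one encoding is handled; it is
    all that is needed to read the memory operand behind the fault.
    """
    if len(code) < 7 or code[0] != 0x83 or code[1] != 0x3D:
        raise ValueError("not a `cmp dword ptr [disp32], imm8` encoding")
    disp32 = struct.unpack_from("<I", code, 2)[0]
    imm8 = struct.unpack_from("<b", code, 6)[0]
    return disp32, imm8, 7


def triage_fault(address, offset, code, preferred_base=PREFERRED_BASE,
                 image_size=IMAGE_SIZE):
    """Classify the faulting read relative to the preferred and runtime images."""
    base = runtime_base(address, offset)
    target, imm8, _ = decode_cmp_mem32_imm8(code)
    result = {
        "runtime_base": base,
        "faulting_rva": offset,
        "target": target,
        "compared_against": imm8,
    }
    in_runtime = base <= target < base + image_size
    in_preferred = preferred_base <= target < preferred_base + image_size
    if in_runtime:
        result["verdict"] = "read inside the loaded image (not a relocation problem)"
    elif in_preferred:
        result["target_rva"] = target - preferred_base
        result["relocated_target"] = base + (target - preferred_base)
        result["verdict"] = ("absolute address in the preferred image range while the "
                             "module is loaded elsewhere: unrelocated reference")
    else:
        result["verdict"] = "read outside both image ranges (wild pointer)"
    return result


def registers_hex(regs):
    """Cuckoo dumps registers in decimal; show them as 32-bit hex."""
    return {name: f"0x{value & 0xFFFFFFFF:08x}" for name, value in regs.items()}


if __name__ == "__main__":
    for key, value in triage_fault(EXC_ADDRESS, EXC_OFFSET, EXC_BYTES).items():
        shown = f"{value:#x}" if isinstance(value, int) else value
        print(f"{key:18} {shown}")
    for name, value in registers_hex(REGISTERS).items():
        print(f"{name} = {value}")
```

For this record the verdict branch is the unrelocated one: the operand 0x41779c is RVA 0x1779c of the preferred image and would have been 0x93779c had the reference been fixed up for the 0x920000 load address.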
section .rsrc: virtual_address 0x00018000, virtual_size 0x00007804, size_of_data 0x00007a00, entropy 7.9879; A section with a high entropy has been found
entropy 0.2711; Overall entropy of this PE file is high

The two figures are different measures. 7.9879 is the Shannon entropy of .rsrc in bits per byte, near the 8.0 maximum, so the 31232-byte resource section is essentially all compressed or encrypted data. 0.2711 is not an entropy at all: the packer_entropy signature these two lines come from counts any section above 6.8 bits/byte as compressed and reports the share of all section bytes that such sections make up (31232 / 115200 here, 115200 being the section total implied by the ratio, and the signature fires above 0.2). "Overall entropy of this PE file is high" therefore means roughly 27% of the section data is packed, not that the file as a whole is near 8 bits/byte.
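To make the distinction concrete, here is an added example (editor-written, not the sandbox's own source) that computes per-section Shannon entropy and reproduces the packer_entropy ratio. Only .rsrc's raw size and entropy are taken from the report; the second section, its name, size and entropy are constructed so that the raw section total comes to the 115200 bytes the report's 0.2711 implies.

```python
# Added example: the two "entropy" figures in this report are different
# quantities. Editor-written re-implementation of the packer_entropy
# heuristic, not ZeroBOX/Cuckoo source. Thresholds follow Cuckoo's signature.
import math

SECTION_ENTROPY_THRESHOLD = 6.8   # per-section Shannon entropy, bits per byte
FILE_RATIO_THRESHOLD = 0.2        # share of section bytes that is high-entropy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0) over the byte alphabet."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packer_entropy(sections):
    """Return (high_entropy_section_names, ratio, fires).

    `sections` is a list of dicts with 'name', 'size_of_data' (raw bytes) and
    'entropy' (bits per byte). The ratio is high-entropy raw bytes divided by
    all raw section bytes; that quotient is what the report labels "entropy 0.2711".
    """
    total = sum(s["size_of_data"] for s in sections)
    hot = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    compressed = sum(s["size_of_data"] for s in hot)
    ratio = compressed / total if total else 0.0
    return [s["name"] for s in hot], ratio, ratio > FILE_RATIO_THRESHOLD


# .rsrc values are from the report. ".code" is a constructed placeholder for the
# remaining section data; its name, size (0x14800) and entropy are assumptions
# chosen so the raw total is 115200 bytes and only .rsrc crosses the threshold.
SAMPLE_SECTIONS = [
    {"name": ".code", "size_of_data": 0x14800, "entropy": 6.2},
    {"name": ".rsrc", "size_of_data": 0x7A00, "entropy": 7.987914916263047},
]

if __name__ == "__main__":
    names, ratio, fires = packer_entropy(SAMPLE_SECTIONS)
    print("high-entropy sections:", names, "ratio:", round(ratio, 4), "fires:", fires)
    # Constructed inputs: a uniform byte distribution and a constant buffer.
    print("uniform bytes:", shannon_entropy(bytes(range(256)) * 4))
    print("constant bytes:", shannon_entropy(b"A" * 1024))
```

Running it shows the same pairing as the report: .rsrc alone is flagged, and the file-level "entropy" is 0.2711 even though no section is anywhere near that value in bits per byte.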
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Zerber.tn5z
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Mauvaise.SL1
McAfee GenericR-HXD!88E6A85EA94E
ALYac Trojan.EmotetU.Gen.hqW@beX9Vkk
Cylance unsafe
VIPRE Trojan.EmotetU.Gen.hqW@beX9Vkk
Sangfor Ransom.Win32.Save.a
K7AntiVirus Trojan ( 004e189a1 )
BitDefender Trojan.EmotetU.Gen.hqW@beX9Vkk
K7GW Trojan ( 004e189a1 )
Cybereason malicious.5e7f95
Arcabit Trojan.EmotetU.Gen.E70EDA
Cyren W32/ABRansom.GOAU-7212
Symantec Trojan.Ransomlock.AH
tehtris Generic.Malware
ESET-NOD32 a variant of Generik.FSTFDUU
APEX Malicious
Avast Win32:Ransom-AYU [Trj]
ClamAV Win.Ransomware.Imps-7086557-0
Kaspersky Trojan-Ransom.Win32.Zerber.eck
Alibaba Malware:Win32/km_247cf.None
NANO-Antivirus Trojan.Win32.Encoder.fdpixl
MicroWorld-eScan Trojan.EmotetU.Gen.hqW@beX9Vkk
Rising Ransom.Cerber!1.E6AA (CLASSIC)
Emsisoft Trojan.EmotetU.Gen.hqW@beX9Vkk (B)
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.Encoder.4691
Zillya Trojan.Zerber.Win32.217
TrendMicro Ransom_HPCERBER.SM7
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
Trapmine malicious.high.ml.score
FireEye Generic.mg.88e6a85ea94ea57f
Sophos Mal/Generic-S
Ikarus Trojan-Ransom.Blocker
Jiangmin Trojan.Zerber.ie
Avira TR/Dropper.Gen
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft malware.kb.a.1000
Gridinsoft Ransom.Win32.Blocker.oa!s1
Xcitium Backdoor.Win32.Androm.GHE@5sc2x6
Microsoft Ransom:Win32/Cerber.A
ZoneAlarm Trojan-Ransom.Win32.Zerber.eck
GData Trojan.EmotetU.Gen.hqW@beX9Vkk
Google Detected
AhnLab-V3 Trojan/Win32.Cerber.R186114
BitDefenderTheta AI:Packer.666079391E