Summary | ZeroBOX

%E6%B8%85%E7%90%86%E5%9E%83%E5%9C%BE.exe (URL-encoded file name; decodes to 清理垃圾.exe)

Tags: Emotet, UPX, PE32, MZP Format, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 30, 2024, 11:54 a.m.
Completed: Sept. 30, 2024, 12:02 p.m.

Size: 32.0KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: f004f01e7ad572da2ea0b7f7b377f203
SHA256: 7c64671a310a721ac191f149b5c3b044482e3b2d2fa6266d7f7b41d268113d01
CRC32: 8E1F6A57
ssdeep: 768:Wz+VZ1p/ija+1I2UqBg6Q4sNbEMLFAmC7+8G:vVZfqamsNbDF0i
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

All thirteen calls below are WriteConsoleW on console_handle 0x00000007, each with status 1, return 1, repeated 0. The buffers of the first ten calls are GBK-encoded Chinese text that the sandbox console rendered through the CP437 code page; the raw captured buffer is kept verbatim and the GBK decoding is given after it.

WriteConsoleW
buffer: ╒Γ╩╟═°╔╧┴≈┤½╡─┼·┤ª└φíú╦ⁿ╗ß░∩─·╔╛│²╗╪╩╒╒╛íó┴┘╩▒─┐┬╝íó╫ε╜ⁿ┤≥┐¬╣²╡─╬─╡╡║█╝ú
decoded (GBK): 这是网上流传的批处理。它会帮您删除回收站、临时目录、最近打开过的文档痕迹
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╡╚íú╢╘╧╡═│╘╦╨╨╔╘╙╨░∩╓·íú╚τ╣√─·╧╙╡τ─╘╘╦╨╨╦┘╢╚┬²ú¼▓╗╥¬╓╕═√╙├▒╛┼·┤ª└φ─▄╕π║├íú
decoded (GBK): 等。对系统运行稍有帮助。如果您嫌电脑运行速度慢，不要指望用本批处理能搞好。
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╡τ─╘╦┘╢╚┬²═¿│ú╩╟╥≥╬¬╠½╢α╬▐╙├╡─╘╦╦π╒╝╛▌┴╦CPU║═─┌┤µ╫╩╘┤╦∙╓┬íú╜¿╥Θ╨╢╘╪▓╗▒╪
decoded (GBK): 电脑速度慢通常是因为太多无用的运算占据了CPU和内存资源所致。建议卸载不必
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╥¬╡─╚φ╝■▓╗╥¬╘┌╧╡═│┼╠╧┬╖┼╩²╛▌íú╒Γ╩╟╫ε│╣╡╫╡─░∞╖¿íú
decoded (GBK): 要的软件不要在系统盘下放数据。这是最彻底的办法。
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╙┼╗»íó╓╟─▄íó╝▒╦┘░µíú
decoded (GBK): 优化、智能、急速版。
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╝╙╟┐░µ╕ⁿ╨┬╚╒╓╛
decoded (GBK): 加强版更新日志
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ▒╛│╠╨≥╠╪╡πú║
decoded (GBK): 本程序特点：
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╝°╙┌║▄╢α╚╦░╤IE╗║┤µ╡╚╬─╝■╝╨╫¬╥╞╡╜╖╟╧╡═│┼╠ú¼
decoded (GBK): 鉴于很多人把IE缓存等文件夹转移到非系统盘，
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╦∙╥╘ú¼▒╛│╠╨≥╟σ└φ└¼╗°╬─╝■╩▒ú¼╩╫╧╚╜°╨╨┼╨╢╧╧╡═│╡─╔Φ╓├íú
decoded (GBK): 所以，本程序清理垃圾文件时，首先进行判断系统的设置。
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: ╙┼╡πú║╟σ└φ╬╗╓├╕ⁿ╝╙╫╝╚╖ú¼▓▀┬╘╕ⁿ╝╙┐╞╤ºíú
decoded (GBK): 优点：清理位置更加准确，策略更加科学。
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: pause
console_handle: 0x00000007
status: 1  return: 1  repeated: 0

WriteConsoleW
buffer: Press any key to continue . . .
console_handle: 0x00000007
status: 1  return: 1  repeated: 0
Section: .itext
File: C:\Users\test22\AppData\Local\Temp\4OOD97XV.bat
Command line: cmd.exe /c ""C:\Users\test22\AppData\Local\Temp\4OOD97XV.bat" "C:\Users\test22\AppData\Local\Temp\%E6%B8%85%E7%90%86%E5%9E%83%E5%9C%BE.exe" "
Antivirus Detection

Lionic Trojan.Win32.Generic.4!c
Skyhigh BehavesLike.Win32.Generic.nh
ALYac Gen:Trojan.Heur.cKW@t5uwqPpiB
Cylance unsafe
VIPRE Gen:Trojan.Heur.cKW@t5uwqPpiB
BitDefender Gen:Trojan.Heur.cKW@t5uwqPpiB
Arcabit Trojan.Heur.EC93B1
Symantec ML.Attribute.HighConfidence
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
MicroWorld-eScan Gen:Trojan.Heur.cKW@t5uwqPpiB
Rising Trojan.Win32.Generic.1936132D (C64:YzY0Onro+1sQRUHo)
Emsisoft Gen:Trojan.Heur.cKW@t5uwqPpiB (B)
DrWeb Trojan.Proxy.27884
Zillya Worm.AutoRun.Win32.119457
Trapmine malicious.high.ml.score
FireEye Gen:Trojan.Heur.cKW@t5uwqPpiB
MAX malware (ai score=80)
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Trojan.Heur.cKW@t5uwqPpiB
BitDefenderTheta AI:Packer.36A18EAF1D
DeepInstinct MALICIOUS
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:Malware-gen
Paloalto generic.ml