Summary | ZeroBOX

iupdate.exe

Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), UPX, Malicious Packer, MZP Format, PE File, OS Processor Check, PE32, URL Format
Category FILE
Machine s1_win7_x6403_us
Started Oct. 16, 2024, 10:59 a.m.
Completed Oct. 16, 2024, 11:33 a.m.
Size 5.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8f2382e57ef226bcbf3f549280a59085
SHA256 7610decf9c6c0fe1da22550d4542b9c42be3c7ede12a7c768200b74b45c4b470
CRC32 D9C0FA7B
ssdeep 49152:ncl8ezAQgB8NFiS9csAsNHdUCuR7JQ4tlps7LRDwlf+vJv23JHgXSu:ncCJQgBcjUCuR7Jlx4LRDwN+vGi
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .itext
section .didata
packer BobSoft Mini Delphi -> BoB / BobSoft
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory (commits a read-write-execute region in the calling process; process_handle 0xffffffff is the current-process pseudo-handle, and protection 0x40 is PAGE_EXECUTE_READWRITE)

process_identifier: 1504
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 (success), Return 0, Repeated 0
section .rsrc: virtual_address 0x0050c000, virtual_size 0x00057c00, size_of_data 0x00057c00, entropy 6.888
description: A section with a high entropy has been found
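The high-entropy finding above is a static check: the sandbox computes the Shannon entropy of each PE section and flags any section above a threshold. The script below is an added example, not ZeroBOX or Cuckoo code: a stdlib-only Python walker over the PE section table that reports per-section entropy and flags sections above a threshold of 6.8 bits per byte (the threshold is an assumption; the report's .rsrc scores 6.888). Because the sample itself is not on this page, the `build_sample_pe` helper constructs a minimal, non-executable PE32 image as labelled test input so the script runs offline; point it at a real file by passing a path as the first argument.

```python
import math
import struct
import sys

HIGH_ENTROPY = 6.8  # assumed threshold in bits/byte; the report's .rsrc scores 6.888


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Yield (name, virtual_address, virtual_size, size_of_raw_data, raw_bytes) per section.

    Minimal PE walk: DOS header -> e_lfanew -> PE signature -> COFF header -> section table.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    size_opt, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + size_opt  # section headers follow the optional header
    for i in range(num_sections):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        yield name, vaddr, vsize, rsize, pe[rptr:rptr + rsize]


def high_entropy_sections(pe: bytes, threshold: float = HIGH_ENTROPY):
    """Return [(name, entropy)] for sections whose raw bytes exceed the threshold."""
    out = []
    for name, _, _, _, raw in pe_sections(pe):
        h = shannon_entropy(raw)
        if h > threshold:
            out.append((name, round(h, 3)))
    return out


def build_sample_pe(sections):
    """Constructed test input: a minimal, non-runnable PE32 image from [(name, raw_bytes)]."""
    opt_size, file_align, n = 0xE0, 0x200, len(sections)
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * n
    headers_len = -(-headers_len // file_align) * file_align  # round up to file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)  # i386, EXE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, body, rptr, vaddr = bytearray(), bytearray(), headers_len, 0x1000
    for name, raw in sections:
        rsize = -(-len(raw) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), vaddr, rsize, rptr,
                             0, 0, 0, 0, 0x40000040)  # readable, initialized data
        body += raw + b"\0" * (rsize - len(raw))
        rptr += rsize
        vaddr += -(-len(raw) // 0x1000) * 0x1000
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return head + b"\0" * (headers_len - len(head)) + bytes(body)


SAMPLE_PE = build_sample_pe([
    (".text", b"ABCD" * 1024),           # 2.0 bits/byte: repetitive, unpacked-looking data
    (".rsrc", bytes(range(256)) * 16),   # 8.0 bits/byte: uniform, looks packed or encrypted
    (".data", b"\0" * 4096),             # 0.0 bits/byte: zero-filled
])


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    for name, vaddr, vsize, rsize, raw in pe_sections(image):
        print(f"{name:8s} va=0x{vaddr:08x} vsize=0x{vsize:08x} raw=0x{rsize:08x} "
              f"entropy={shannon_entropy(raw):.3f}")
    for name, h in high_entropy_sections(image):
        print(f"high entropy: {name} ({h} > {HIGH_ENTROPY})")
```

Entropy is computed over SizeOfRawData bytes, as the sandbox does, so a section padded to the file alignment with zeros scores slightly lower than its payload alone; a UPX- or Delphi-packed sample typically shows its packed code or resource section well above 6.8 while the stub section stays low.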
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress (resolves wine_get_version from ntdll; that export exists only in Wine's ntdll, so this is a check for the Wine emulator, a common sandbox substrate)

ordinal: 0
function_address: 0x00b22320
function_name: wine_get_version
module: ntdll
module_address: 0x778a0000
Return 3221225785 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: the export is absent, so the sample concluded it was not running under Wine), Repeated 0
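Both API entries on this page (the PAGE_EXECUTE_READWRITE commit and the wine_get_version lookup) are the kind of behaviour a triage script pulls out of a Cuckoo- or ZeroBOX-style behaviour log directly. The script below is an added example, not part of this report or of ZeroBOX: the `SAMPLE_CALLS` records are constructed to mirror the two calls shown above plus one benign PAGE_READWRITE allocation, the record field names are an assumption about the log shape rather than ZeroBOX's schema, and the signature labels `allocates_rwx` and `antisandbox_wine` are this script's own.

```python
PAGE_EXECUTE_READWRITE = 0x40
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",  # the requested export is missing from the module
}
# Exports that exist only in Wine's ntdll; resolving any of them is a classic "am I under Wine?" probe.
WINE_EXPORTS = {"wine_get_version", "wine_get_unix_file_name", "wine_nt_to_unix_file_name"}

# Constructed records mirroring the two calls in this report, plus one benign allocation.
# Field names are an assumption about the behaviour-log shape, not ZeroBOX's schema.
SAMPLE_CALLS = [
    {"pid": 1504, "api": "NtAllocateVirtualMemory", "status": 1, "return": 0,
     "arguments": {"region_size": 4096, "protection": 64, "base_address": "0x003d0000",
                   "allocation_type": 4096, "process_handle": "0xffffffff"}},
    {"pid": 1504, "api": "NtAllocateVirtualMemory", "status": 1, "return": 0,
     "arguments": {"region_size": 65536, "protection": 4, "base_address": "0x00400000",
                   "allocation_type": 4096, "process_handle": "0xffffffff"}},
    {"pid": 1504, "api": "LdrGetProcedureAddress", "status": 0, "return": 3221225785,
     "arguments": {"ordinal": 0, "function_name": "wine_get_version", "module": "ntdll",
                   "module_address": "0x778a0000"}},
]


def ntstatus_name(code: int) -> str:
    """Symbolic NTSTATUS name for the codes this script cares about, else the hex value."""
    code &= 0xFFFFFFFF
    return NTSTATUS_NAMES.get(code, f"0x{code:08X}")


def triage(calls):
    """Return one finding per suspicious call; the signature labels are this script's own."""
    findings = []
    for call in calls:
        api, args = call.get("api"), call.get("arguments", {})
        if api == "NtAllocateVirtualMemory" and args.get("protection") == PAGE_EXECUTE_READWRITE:
            findings.append({
                "signature": "allocates_rwx",
                "pid": call.get("pid"),
                # 0xffffffff is the current-process pseudo-handle: self-unpacking, not injection
                "self": args.get("process_handle") == "0xffffffff",
                "detail": f"{args.get('region_size')} bytes PAGE_EXECUTE_READWRITE "
                          f"at {args.get('base_address')}",
            })
        elif api == "LdrGetProcedureAddress" and args.get("function_name") in WINE_EXPORTS:
            status = ntstatus_name(call.get("return", 0))
            findings.append({
                "signature": "antisandbox_wine",
                "pid": call.get("pid"),
                "status": status,
                # A resolved Wine-only export means the sample really is under Wine
                "wine_detected": status == "STATUS_SUCCESS",
                "detail": f"looked up {args['function_name']} in {args.get('module')}",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CALLS):
        print(finding)
```

Run on the constructed records this yields two findings: the 4096-byte RWX commit into the sample's own process, and the Wine probe whose STATUS_ENTRYPOINT_NOT_FOUND return shows the check came back negative, exactly as on this report. The PAGE_READWRITE allocation is ignored, which is the point of keying on protection 0x40 rather than on the API name alone.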
Antivirus (Vendor Result)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
ALYac Gen:Variant.Midie.147441
Cylance Unsafe
VIPRE Gen:Variant.Midie.147441
Sangfor Trojan.Win32.Agent.Vvet
BitDefender Gen:Variant.Midie.147441
Arcabit Trojan.Midie.D23FF1
Symantec Trojan.Gen.MBT
APEX Malicious
MicroWorld-eScan Gen:Variant.Midie.147441
Emsisoft Gen:Variant.Midie.147441 (B)
McAfeeD ti!7610DECF9C6C
CTX exe.trojan.midie
FireEye Gen:Variant.Midie.147441
Antiy-AVL Trojan/Win32.Sonbokli
Microsoft Trojan:Win32/Sonbokli.A!cl
GData Gen:Variant.Midie.147441
AhnLab-V3 Trojan/Win.Generic.C5597387
McAfee Artemis!8F2382E57EF2
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2334928837
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09J924
MaxSecure Trojan.Malware.259493529.susgen
Fortinet W32/PossibleThreat
Paloalto generic.ml
alibabacloud RiskWare:Win/Midie.Gen