Summary | ZeroBOX

main.exe

Emotet Gen1 Generic Malware Malicious Library ASPack UPX dll PE64 PE File OS Processor Check ZIP Format DLL DllRegisterServer
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 20, 2024, 9:17 a.m. Oct. 20, 2024, 9:36 a.m.
Size 18.4MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 8292296fd66588cd63632b601dc85981
SHA256 4916fb61bcacb45e64b60299ceb4c9262a81ece270657a171dd29f80e94efafb
CRC32 E28B3C6A
ssdeep 393216:bqPnLFXlr7oQpDOETgsPWgfGaJgwMrvEk82/Jq:uPLFXNsQoEOWBMQa0
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ASPack_Zero - ASPack packed file
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x7fef7c97ef8

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196972
registers.rcx: 196972
registers.rsi: 1
registers.r10: 196972
registers.rbx: 0
registers.rsp: 2255144
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 9082128
registers.rdi: 0
registers.rax: 2255248
registers.r13: 28
1 0 0
section .rsrc: size_of_data 0x0000f600, virtual_address 0x00052000, virtual_size 0x0000f498, entropy 7.555572206814071 (description: A section with a high entropy has been found)
Bkav W64.AIDetectMalware
Lionic Trojan.Win64.Alien.tslR
Cynet Malicious (score: 99)
Skyhigh Artemis
ALYac Generic.Trojan.Stealer.D.FB298722
Cylance Unsafe
VIPRE Generic.Trojan.Stealer.D.FB298722
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.Trojan.Stealer.D.FB298722
Arcabit Generic.Trojan.Stealer.D.FBD48EE2
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
APEX Malicious
Avast Python:Agent-IR [Trj]
Kaspersky Trojan-PSW.Python.Stealer.aa
Alibaba TrojanPSW:Win32/Stealer.fa9afcf6
MicroWorld-eScan Generic.Trojan.Stealer.D.FB298722
Rising Stealer.Empyrean/PYC!1.EACF (CLASSIC)
Emsisoft Generic.Trojan.Stealer.D.FB298722 (B)
F-Secure Heuristic.HEUR/AGEN.1372211
DrWeb Python.Stealer.1138
TrendMicro TROJ_GEN.R002C0XGN24
McAfeeD ti!4916FB61BCAC
CTX exe.trojan.stealer
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Generic.Trojan.Stealer.D.FB298722
Webroot W32.Trojan.Python.Stealer
Google Detected
Avira HEUR/AGEN.1372211
Kingsoft Win32.Troj.Unknown.a
Xcitium Malware@#3r59rcoqn01o
Microsoft Trojan:Win64/Disco.AMC!MTB
ZoneAlarm Trojan-PSW.Python.Stealer.aa
GData Generic.Trojan.Stealer.D.FB298722
Varist W64/S-a56473fb!Eldorado
McAfee Artemis!8292296FD665
DeepInstinct MALICIOUS
Malwarebytes Agent.Spyware.Stealer.DDS
Ikarus Trojan.Python.Crypt
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XGN24
Tencent Win32.Trojan-QQPass.QQRob.Dnhl
huorong TrojanSpy/Python.Stealer.f
MaxSecure Trojan.Malware.121218.susgen
Fortinet Python/Agent.NZ!tr
AVG Python:Agent-IR [Trj]
Paloalto generic.ml
alibabacloud Stealer:Python/empyrean