Summary | ZeroBOX

Coodesker-x64_1.0.7.0.exe

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 26, 2024, 6:04 a.m. Oct. 26, 2024, 6:06 a.m.
Size 4.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 e58e97726528ec439d868e27e1bcec52
SHA256 37badafd505204b3481023d8b82081420a07cdb7e7fac5260b6c297c9bab0916
CRC32 BC3C66EC
ssdeep 98304:333PtEnxG/KzaiR1A+Q585/fSgVPibCysmLCGO+gBNS4Y:31ukimN+QoHSkibAW/Gm
PDB Path E:\Tools\Future\coodesker\bin\installer-x64.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path E:\Tools\Future\coodesker\bin\installer-x64.pdb
resource name UI
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
name UI language LANG_CHINESE filetype Zip archive data, at least v2.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000f3550 size 0x00013d6c
name RT_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0011b5a0 size 0x00042028
name RT_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0011b5a0 size 0x00042028
name RT_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0011b5a0 size 0x00042028
name RT_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0011b5a0 size 0x00042028
name RT_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0011b5a0 size 0x00042028
name RT_RCDATA language LANG_CHINESE filetype Zip archive data, at least v2.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0015d618 size 0x002d15e3
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0015d5c8 size 0x0000004c
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000f3290 size 0x000002c0
section {u'size_of_data': u'0x0033c000', u'virtual_address': u'0x000f3000', u'entropy': 7.782157276764285, u'name': u'.rsrc', u'virtual_size': u'0x0033be90'} entropy 7.78215727676 description A section with a high entropy has been found
entropy 0.774918109499 description Overall entropy of this PE file is high
ALYac Gen:Variant.Ser.Tedy.6520
VIPRE Gen:Variant.Ser.Tedy.6520
BitDefender Gen:Variant.Ser.Tedy.6520
Cybereason malicious.26528e
Arcabit Trojan.Ser.Tedy.D1978 [many]
MicroWorld-eScan Gen:Variant.Ser.Tedy.6520
Emsisoft Gen:Variant.Ser.Tedy.6520 (B)
FireEye Gen:Variant.Ser.Tedy.6520
MAX malware (ai score=80)
GData Gen:Variant.Ser.Tedy.6520 (2x)
AhnLab-V3 Malware/Win.Generic.C5636592
MaxSecure Trojan.Malware.277046244.susgen
Fortinet PossibleThreat.MU