Summary | ZeroBOX

Xoila.exe

Gen1 Generic Malware Malicious Library ASPack UPX Malicious Packer PE64 PE File OS Processor Check ZIP Format DLL
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 28, 2024, 10:17 a.m. Oct. 28, 2024, 10:21 a.m.
Size 10.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c83563592581c4544e7ed495cb17dda5
SHA256 27450801afc63f56296f01c911375f6d216f1a100f4075c45cba369c834a413d
CRC32 3565559D
ssdeep 196608:LcnKASm9cemXyuSyTde8zveNK+wfm/pf+xfdkRKxKEr2WOHWKD39eH7:KSm/tByxjgK+9/pWFGRK0Er2W673MH
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ASPack_Zero - ASPack packed file
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
GlobalMemoryStatusEx

1 1 0
__exception__

stacktrace:
0x7fef7c97ef8 (the same frame address repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196978
registers.rcx: 196978
registers.rsi: 1
registers.r10: 196978
registers.rbx: 0
registers.rsp: 3113288
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 9739472
registers.rdi: 0
registers.rax: 3113392
registers.r13: 28
1 0 0
file C:\Users\test22\AppData\Local\Temp\_MEI4962\python3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI4962\libffi-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI4962\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI4962\python311.dll
file C:\Users\test22\AppData\Local\Temp\_MEI4962\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI4962\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI4962\sqlite3.dll
Bkav W64.AIDetectMalware
Skyhigh BehavesLike.Win64.Generic.vc
ALYac Gen:Variant.Cerbu.215755
VIPRE Gen:Variant.Cerbu.215755
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Gen:Variant.Cerbu.215755
Arcabit Trojan.Cerbu.D34ACB
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.PyInstaller.P
APEX Malicious
Avast Win64:Evo-gen [Trj]
MicroWorld-eScan Gen:Variant.Cerbu.215755
Rising Spyware.Agent/PYC!1.F580 (CLASSIC)
Emsisoft Gen:Variant.Cerbu.215755 (B)
Zillya Trojan.Agent.Win32.4034940
McAfeeD ti!27450801AFC6
CTX exe.unknown.cerbu
SentinelOne Static AI - Suspicious PE
FireEye Gen:Variant.Cerbu.215755
Google Detected
Antiy-AVL RiskWare/Win32.Kryptik.a
GData Gen:Variant.Cerbu.215755
Varist PYC/Kryptik.A.gen!Camelot
Malwarebytes Spyware.ExelaStealer
Ikarus Trojan.Python.Crypted
huorong Trojan/Python.ShellLoader.cj
Fortinet Python/Kryptik.EG!tr
AVG Win64:Evo-gen [Trj]