Summary | ZeroBOX

setup1.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started Nov. 7, 2024, 1:46 p.m.
Completed Nov. 7, 2024, 1:48 p.m.
Size 373.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5176902b9a5eeca52c6b0bac4909a5f2
SHA256 8f798f133430f9043b5a4f1bde10ec3d9cc5ede8dc5351e4e1aefac64bd4f2fe
CRC32 F45F0303
ssdeep 6144:XqVLCDWz9leBppbepzmFjoqBM1rWvGb/D5g/OSedz/o8yT:XqVIWz9leBppbeFmdovWvC5g/O7dzAp
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .yefol
section .bokir
section .rugis
section .tiriwa
API calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory
process_identifier: 296
region_size: 176128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01d80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff (current-process pseudo-handle, i.e. the sample allocates in its own address space)
Status 1 (success) Return 0 (STATUS_SUCCESS) Repeated 0

NtAllocateVirtualMemory
process_identifier: 296
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dc0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff (current-process pseudo-handle)
Status 1 (success) Return 0 (STATUS_SUCCESS) Repeated 0
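The two calls above are the dynamic half of the UPX/packer verdict: a packed stub commits writable-and-executable memory in its own process (pseudo-handle 0xffffffff), writes the unpacked payload there, and jumps to it. The script below, added here as an example and not part of ZeroBOX or of this report, runs that triage over a constructed JSON-lines log. The first two records copy the arguments shown above; the benign PAGE_READWRITE record and the remote-process record are invented to show what the rule ignores and what it escalates. The field names (`api`, `arguments`, `return_value`) follow the Cuckoo report shape and are an assumption about the export format.

```python
import json

# Page-protection and allocation constants from winnt.h.
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_COMMIT = 0x1000
WRITABLE_EXECUTABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
# GetCurrentProcess() returns the pseudo-handle -1, which a 32-bit sandbox logs as 0xffffffff.
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF

# Constructed sample log (JSON lines). Records 1-2 mirror the two calls in the report;
# records 3-4 are invented: a plain RW allocation and an RWX allocation through a real
# handle to another process (the injection pattern).
SAMPLE_LOG = """\
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 296, "region_size": 176128, "protection": 64, "base_address": "0x01d80000", "allocation_type": 4096, "process_handle": "0xffffffff"}, "status": 1, "return_value": 0}
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 296, "region_size": 45056, "protection": 64, "base_address": "0x01dc0000", "allocation_type": 4096, "process_handle": "0xffffffff"}, "status": 1, "return_value": 0}
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 296, "region_size": 65536, "protection": 4, "base_address": "0x02000000", "allocation_type": 4096, "process_handle": "0xffffffff"}, "status": 1, "return_value": 0}
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 1234, "region_size": 8192, "protection": 64, "base_address": "0x00400000", "allocation_type": 4096, "process_handle": "0x000000a8"}, "status": 1, "return_value": 0}
"""


def parse_calls(log_text):
    """One dict per non-empty JSON line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def classify_rwx_allocations(calls):
    """Return one finding per successful NtAllocateVirtualMemory call that asked for
    writable+executable memory. kind is 'self' for the caller's own process (unpacking
    stub behaviour) and 'remote' when a real handle to another process is used."""
    findings = []
    for call in calls:
        if call.get("api") != "NtAllocateVirtualMemory" or call.get("return_value") != 0:
            continue
        args = call["arguments"]
        if int(args["protection"]) not in WRITABLE_EXECUTABLE:
            continue
        handle = int(args["process_handle"], 16)
        findings.append({
            "kind": "self" if handle == CURRENT_PROCESS_PSEUDO_HANDLE else "remote",
            "pid": args["process_identifier"],
            "base_address": int(args["base_address"], 16),
            "region_size": int(args["region_size"]),
            "committed": bool(int(args["allocation_type"]) & MEM_COMMIT),
        })
    return findings


def summarize(findings):
    """Totals an analyst would put in the verdict: RWX bytes committed in-process
    (size of the unpacked image) and how many remote RWX allocations occurred."""
    return {
        "self_rwx_bytes": sum(f["region_size"] for f in findings if f["kind"] == "self"),
        "remote_rwx_count": sum(1 for f in findings if f["kind"] == "remote"),
    }


if __name__ == "__main__":
    found = classify_rwx_allocations(parse_calls(SAMPLE_LOG))
    for f in found:
        print(f"{f['kind']:6} pid={f['pid']} base={f['base_address']:#010x} size={f['region_size']}")
    print(summarize(found))
```

Self-process RWX on its own is common to every UPX-style stub and is weak evidence; a remote RWX allocation is the line worth paging on. For the report above both hits are in-process and add up to 221184 bytes of RWX memory, consistent with a single unpacked image rather than injection.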
section .text: virtual_address 0x00001000, virtual_size 0x00049762, size_of_data 0x00049800, entropy 7.008084467839665 - A section with a high entropy has been found
overall entropy 0.790322580645 (a 0..1 fraction of the file's section data, not bits per byte) - Overall entropy of this PE file is high
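The four non-standard section names listed earlier (.yefol, .bokir, .rugis, .tiriwa) and the two entropy lines are the static side of the packer verdict. The script below, added here as an example and not part of ZeroBOX or this report, reproduces that check without the pefile library: it walks the PE section table, computes Shannon entropy per section, and derives the two figures the report prints (per-section bits/byte and an overall 0..1 ratio). The thresholds (6.8 bits/byte per section, 20% of section data overall) are an assumption modelled on the Cuckoo packer_entropy signature, not taken from ZeroBOX's code; the standard-section list and the two-section sample PE are constructed here for the demonstration.

```python
import math
import random
import struct

# Section names a normally built PE is expected to carry; anything else is a packer
# indicator, not proof (assumed list, trimmed for the example).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".rodata"}
# Assumed thresholds modelled on the Cuckoo packer_entropy signature.
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Minimal section-table parser for PE32/PE32+ images; returns one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({
            "name": name,
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize]),
        })
    return sections


def packer_indicators(sections):
    """High-entropy sections, the overall ratio (share of section bytes that are
    high-entropy), and any section names outside the expected set."""
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    ratio = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return {
        "high_entropy_sections": [s["name"] for s in high],
        "overall_entropy": ratio,
        "overall_high": ratio > OVERALL_RATIO_THRESHOLD,
        "unknown_section_names": [s["name"] for s in sections if s["name"] not in STANDARD_SECTIONS],
    }


def build_sample_pe():
    """Constructed two-section PE32: a pseudo-random (packed-looking) .text and a
    zero-filled section with an odd name. Only the header fields the parser reads are
    meaningful; it is not a loadable executable."""
    rng = random.Random(1337)
    text = bytes(rng.getrandbits(8) for _ in range(4096))
    odd = b"\0" * 1024
    headers_size = 512
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)  # i386, 2 sections, PE32 opt hdr
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)             # PE32 magic, rest unused here
    sect = struct.Struct("<8sIIIIIIHHI")
    table = sect.pack(b".text", len(text), 0x1000, len(text), headers_size, 0, 0, 0, 0, 0x60000020)
    table += sect.pack(b".bokir", len(odd), 0x2000, len(odd), headers_size + len(text), 0, 0, 0, 0, 0xC0000040)
    hdr = dos + b"PE\0\0" + file_hdr + opt_hdr + table
    return hdr.ljust(headers_size, b"\0") + text + odd


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:8} entropy={s['entropy']:.3f} size_of_data={s['size_of_data']:#x}")
    print(packer_indicators(secs))
```

Run against a real file, `parse_sections(open(path, "rb").read())` gives the same per-section numbers the report shows for .text (entropy just above 7 on a 0x49800-byte section), and the ratio explains why the "overall entropy" line reads 0.79 rather than a bits-per-byte value: it is the share of section bytes that sit above the per-section threshold.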