popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

shazam.exe

Malicious Library UPX PE64 PE File OS Processor Check MZP Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 11, 2024, 9:29 a.m. Nov. 11, 2024, 9:32 a.m.
Size 17.6MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 21c436316db8b145075304cc7f29b9c8
SHA256 3880a633f0cf3358a84dc02bcd15e45a026c436da0ea2483157c40f828623e51
CRC32 FD2B805B
ssdeep 98304:f07UyxIHbmjUDWr0OyJEMYbpVGeXaN+8lUd61AU5tbmSnXt4GC3yb2gdQI:W9IHS0Wr0OqUpTqN+8reqtb9nXtiS2
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .didata
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2064
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002f00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2064
region_size: 4677632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000042a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2064
region_size: 4677632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004720000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2064
region_size: 3796992
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004ba0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2064
region_size: 4136960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004f40000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4136960
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000400000
process_handle: 0xffffffffffffffff
1 0 0
name RT_ICON language LANG_CZECH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_ARABIC_MOROCCO offset 0x00c8ebb4 size 0x00000468
name RT_ICON language LANG_CZECH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_ARABIC_MOROCCO offset 0x00c8ebb4 size 0x00000468
name RT_ICON language LANG_CZECH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_ARABIC_MOROCCO offset 0x00c8ebb4 size 0x00000468
name RT_ICON language LANG_CZECH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_ARABIC_MOROCCO offset 0x00c8ebb4 size 0x00000468
name RT_ICON language LANG_CZECH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_ARABIC_MOROCCO offset 0x00c8ebb4 size 0x00000468
name RT_ICON language LANG_CZECH filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_ARABIC_MOROCCO offset 0x00c8ebb4 size 0x00000468
name RT_GROUP_ICON language LANG_CZECH filetype data sublanguage SUBLANG_ARABIC_MOROCCO offset 0x011b7cbc size 0x0000005a
Bkav W64.AIDetectMalware
Symantec ML.Attribute.HighConfidence
Rising Trojan.Kryptik@AI.87 (RDML:X3oLMdVv9qyzEWONyfMcZQ)
Google Detected
Antiy-AVL Trojan/Win64.SleepObf
Microsoft Program:Win32/Wacapew.C!ml
Ikarus Trojan.Win32.Generic
section {u'size_of_data': u'0x00530200', u'virtual_address': u'0x00c88000', u'entropy': 6.825603785873843, u'name': u'.rsrc', u'virtual_size': u'0x00530200'} entropy 6.82560378587 description A section with a high entropy has been found
entropy 0.295327570392 description Overall entropy of this PE file is high