Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 13, 2024, 1:57 p.m.	Nov. 13, 2024, 2:19 p.m.

Size	45.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`61fe809e805e74c4d6fc33b0e5a3305e`
SHA256	`466682a767a27edcb28e3d2ae0ed221836db7d7dcb73fa88879c4b5944ba829d`
CRC32	`BC441DEB`
ssdeep	`768:fI0+FNeQT1ok/ILtq2FV5AY6t+ayph/bAUn26wriTJogrIyP85P85jaZV9VYnsxx:fI0eMCoHFVet+phX7lBF85EAa0GDit3`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
v8.ter.tf		199.59.243.227
souhu.ydns.eu		202.181.25.108

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

packer

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Time & API	Arguments	Status	Return	Repeated
CreateServiceA Nov. 13, 2024, 1:57 p.m.	service_start_name: start_type: 2 password: display_name: Pqrstu Bcdefgh Jklmnop Rstu filepath: C:\Windows\wseoky.exe service_name: Pqrstua Cdefgh filepath_r: C:\Windows\wseoky.exe desired_access: 983551 service_handle: 0x005931b0 error_control: 1 service_type: 272 service_manager_handle: 0x00593250	1	5845424	0

section

{u'size_of_data': u'0x0000a800', u'virtual_address': u'0x00012000', u'entropy': 7.914333663839953, u'name': u'UPX1', u'virtual_size': u'0x0000b000'}

entropy

7.91433366384

description

A section with a high entropy has been found

entropy

0.943820224719

description

Overall entropy of this PE file is high

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

service_name

Pqrstua Cdefgh

service_path

C:\Windows\wseoky.exe

svcyr.exe