Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 31, 2024, 10:07 a.m.	Dec. 31, 2024, 10:09 a.m.

Size	39.0MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`6f9364955758da40f420391d984fce6e`
SHA256	`44521e1af289aa3473d7445d097766f1c3f3d8721d14b14ed6d5404994a03eb2`
CRC32	`73A32277`
ssdeep	`393216:fyvSgcAF+N2OhibQnaysoMtVGgvV5A1XhiLkig+3nxTvWszKFQw6WbGB:fESgNFok0a1tRvVyhiIYynFQwY`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Schwerer_IN - Schwerer Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Antivirus - Contains references to security software Microsoft_Office_File_Zero - Microsoft Office File Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware NorthKorea_Zero - Maybe it's North Korea File UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

.symtab

Time & API	Arguments	Status	Return	Repeated
__exception__ Dec. 31, 2024, 10:07 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 31875392 registers.r15: 0 registers.rcx: -1 registers.rsi: 2293104 registers.r10: 3221225485 registers.rbx: -10000 registers.rsp: 2292776 registers.r11: 2 registers.r8: 2292816 registers.r9: 360 registers.rdx: 0 registers.r12: 2293328 registers.rbp: 2292832 registers.rdi: 4432672 registers.rax: 0 registers.r13: 0	1	0	0

section

{u'size_of_data': u'0x00992400', u'virtual_address': u'0x010cd000', u'entropy': 7.914599573298472, u'name': u'.data', u'virtual_size': u'0x00a0e670'}

entropy

7.9145995733

description

A section with a high entropy has been found

entropy

0.24576844956

description

Overall entropy of this PE file is high

Updating.exe