Summary | ZeroBOX

pccleaner_setup.exe

Tags: Emotet, Malicious Library, Antivirus, UPX, Malicious Packer, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Feb. 26, 2025, 9:46 a.m.
Completed Feb. 26, 2025, 10:03 a.m.
Size 1.2MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 afc111650ae361b1842619760fa91be2
SHA256 c475aaae514ef35c9606a262481087a8a29fe59d2df132c8737e44c8e234bb73
CRC32 12CAA7F9
ssdeep 24576:UDLjcheV9PUNZoMe+wL8On+wKGi0JPrVI+myKwOS6zs65v:EJUxwFPrXKqIZt
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup): no hosts contacted.
IP traffic (IP Address / Status / Action): no hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

packer Armadillo v1.71
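The report makes three claims about the file's wrapping that do not obviously agree: the Yara rule UPX_Zero says UPX, the PEiD-style packer line says Armadillo v1.71 (a signature known to match far more than real Armadillo builds), and most of the vendor names (ESET, Kaspersky, Microsoft, TrendMicro, Fortinet) call it an MSIL Filecoder/Chaos sample, i.e. a .NET binary, while `file` reports a plain PE32 with no "Mono/.Net assembly" note, which is what a UPX-wrapped image would look like. The check below is an added example, not part of the ZeroBOX report or its tooling: it parses the PE headers with only the standard library and reports the two cheap static indicators that settle the question, the default UPX section names (UPX0/UPX1, absent only when the packer was customised) and the CLR runtime header data directory (entry 14, present on every managed image). The `build_pe` helper and the bytes it produces are constructed for the demonstration and are not the real pccleaner_setup.exe; pass a path on the command line to run it on a sample.

```python
"""Static packer / managed-code check for a PE file (added example)."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR runtime header (".NET") directory
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def inspect_pe(data: bytes) -> dict:
    """Walk MZ -> PE -> optional header -> section table and return the
    optional-header format, section names, UPX-name and CLR-header flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                            # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        n_rva_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        n_rva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_rva = struct.unpack_from("<I", data, n_rva_off)[0]
    clr_present = False
    if n_rva > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        rva, size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
        clr_present = rva != 0 and size != 0
    sec_table = opt + opt_size
    names = []
    for i in range(n_sections):                                # 40-byte section headers
        raw = struct.unpack_from("8s", data, sec_table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "format": "PE32" if magic == PE32_MAGIC else "PE32+",
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "clr_header": clr_present,
    }


def reconcile(info: dict) -> list:
    """Turn the raw flags into the notes an analyst would write next to the report."""
    notes = []
    if info["upx_sections"]:
        notes.append("default UPX section names present: supports the UPX Yara hit, "
                     "not the Armadillo v1.71 signature")
    if info["clr_header"]:
        notes.append("CLR header directory present: managed (.NET/MSIL) image, "
                     "consistent with the MSIL/Filecoder.Chaos vendor names")
    elif info["upx_sections"]:
        notes.append("no CLR header visible in the packed file; re-check after "
                     "'upx -d' before concluding the payload is native code")
    return notes


def build_pe(section_names, clr=False, pe32plus=False) -> bytes:
    """Constructed minimal PE headers (no code) used as offline sample input."""
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    opt_size = 240 if pe32plus else 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names),
                                   0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    n_rva_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, n_rva_off, 16)                 # all 16 directories
    if clr:                                                    # fake CLR header RVA/size
        struct.pack_into("<II", opt, n_rva_off + 4 + 8 * 14, 0x2008, 0x48)
    secs = b"".join(struct.pack("<8s", n.encode()) + b"\0" * 32 for n in section_names)
    return dos + coff + bytes(opt) + secs


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        sample = build_pe(["UPX0", "UPX1", ".rsrc"])         # constructed stand-in
    result = inspect_pe(sample)
    print(result)
    for note in reconcile(result):
        print("-", note)
```

If `pefile` is available the same two facts are `pe.sections[i].Name` and `pe.OPTIONAL_HEADER.DATA_DIRECTORY[14]`; the hand parser is here so the check runs anywhere, including inside a sandbox image.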
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 1452
  region_size: 65536 (64 KiB)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (0x40, PAGE_EXECUTE_READWRITE: writable and executable)
  base_address: 0x0000000002aa0000
  allocation_type: 4096 (0x1000, MEM_COMMIT)
  process_handle: 0xffffffffffffffff (the (HANDLE)-1 pseudo-handle, i.e. the sample's own process)
Status 1 (call succeeded) Return 0 (STATUS_SUCCESS) Repeated 0
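The single logged call is the behavioural detail worth keeping from this run: a 64 KiB region committed read-write-execute inside the sample's own process (process_handle is the -1 pseudo-handle), which is what an unpacking stub does before it writes the real payload and jumps into it, and which also matches the UPX tag above. The script below is an added example, not part of the ZeroBOX report or its tooling: it parses the flattened "API name, key: value lines, status line" layout the page uses, decodes the numeric `protection` and `allocation_type` fields into their Win32 constant names, and flags writable-plus-executable allocations, separating self-allocation (unpacking) from allocation through a handle to another process (injection). `EVENT_TEXT` is a constructed copy of the page's record; the second event in it, with the handle `0x00000000000000b4`, is invented to exercise the remote-process branch and did not occur in this run.

```python
"""Decode and flag RWX allocations in a Cuckoo/ZeroBOX-style API log (added example)."""

PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
ALLOCATION_TYPES = {
    0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
    0x100000: "MEM_TOP_DOWN", 0x400000: "MEM_PHYSICAL", 0x20000000: "MEM_LARGE_PAGES",
}
WRITABLE_EXECUTABLE = {0x40, 0x80}                 # PAGE_EXECUTE_READWRITE / _WRITECOPY
CURRENT_PROCESS = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}  # (HANDLE)-1 on 32- and 64-bit

# Constructed sample: first event copied from the report, second one invented
# (foreign process handle) to show the injection branch.
EVENT_TEXT = """
NtAllocateVirtualMemory
process_identifier: 1452
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002aa0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory
process_identifier: 1452
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000000000000b4
1 0 0
"""


def parse_events(text: str) -> list:
    """Split the flattened layout into one dict per API call."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if cur is not None and len(parts) == 3 and all(p.lstrip("-").isdigit() for p in parts):
            cur["status"], cur["return"], cur["repeated"] = (int(p) for p in parts)
        elif ":" in line:
            key, value = line.split(":", 1)
            cur[key.strip()] = value.strip()
        elif line[0].isalpha():                    # a bare API name starts a record
            cur = {"api": line}
            events.append(cur)
    return events


def _num(field: str) -> int:
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x2aa0000' -> 0x2aa0000."""
    return int(field.split()[0], 0)


def decode_protection(value: int) -> str:
    names = [PAGE_PROTECTIONS.get(value & 0xFF, f"0x{value & 0xFF:x}")]
    names += [n for bit, n in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(names)


def decode_allocation(value: int) -> str:
    return "|".join(n for bit, n in ALLOCATION_TYPES.items() if value & bit) or f"0x{value:x}"


def flag_rwx(event: dict):
    """Return a finding for a writable+executable allocation, else None."""
    if event.get("api") != "NtAllocateVirtualMemory":
        return None
    prot = _num(event["protection"])
    if (prot & 0xFF) not in WRITABLE_EXECUTABLE:
        return None
    handle = int(event["process_handle"], 16)
    target = "self" if handle in CURRENT_PROCESS else "remote"
    return {
        "pid": int(event["process_identifier"]),
        "target": target,
        "region_size": _num(event["region_size"]),
        "base_address": _num(event["base_address"]),
        "protection": decode_protection(prot),
        "allocation": decode_allocation(_num(event["allocation_type"])),
        "succeeded": event.get("status") == 1,
        "note": ("RWX memory in own process: typical of an in-memory unpacking stub"
                 if target == "self" else
                 "RWX memory via a handle to another process: injection precursor"),
    }


def triage(text: str) -> list:
    return [f for f in (flag_rwx(e) for e in parse_events(text)) if f]


if __name__ == "__main__":
    for finding in triage(EVENT_TEXT):
        print(finding)
```

The same decoder applies to NtProtectVirtualMemory / VirtualProtectEx records, where a region flipped from PAGE_READWRITE to an executable protection after being written is the other half of the unpack-then-execute pattern.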
Vendor Detection
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Chaos.j!c
Cynet Malicious (score: 100)
Skyhigh Ransomware-FTD!E79DE75BAE88
ALYac Generic.Ransom.Small.FB412F9F
Cylance Unsafe
VIPRE Generic.Ransom.Small.FB412F9F
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.Ransom.Small.FB412F9F
K7GW Ransomware ( 005a8b921 )
K7AntiVirus Ransomware ( 005a8b921 )
Arcabit Generic.Ransom.Small.FB412F9F
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Filecoder.Chaos.A
APEX Malicious
Avast FileRepMalware [Misc]
ClamAV Win.Ransomware.Hydracrypt-9878672-0
Kaspersky HEUR:Trojan-Ransom.MSIL.Agent.gen
Alibaba Ransom:MSIL/FileCoder.381f3c86
MicroWorld-eScan Generic.Ransom.Small.FB412F9F
Rising Ransom.Destructor!1.B060 (CLASSIC)
Emsisoft Generic.Ransom.Small.FB412F9F (B)
F-Secure Heuristic.HEUR/AGEN.1370958
DrWeb Trojan.Encoder.10598
TrendMicro Ransom.MSIL.CHAOS.SMLKC
McAfeeD ti!C475AAAE514E
CTX exe.ransomware.msil
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Generic.Ransom.Small.FB412F9F
Jiangmin Trojan.Reconyc.bqgj
Google Detected
Avira HEUR/AGEN.1370958
Kingsoft MSIL.Trojan-Ransom.Agent.gen
Gridinsoft Malware.Win32.Chaos.tr
Microsoft Ransom:MSIL/FileCoder!rfn
GData MSIL.Trojan-Ransom.Remind.B
Varist W32/Azorult.D.gen!Eldorado
McAfee Artemis!AFC111650AE3
DeepInstinct MALICIOUS
VBA32 Trojan.MSIL.DelShad.Heur
Panda Trj/CI.A
Tencent Msil.Trojan-Ransom.Agent.Yylw
Fortinet MSIL/Filecoder_Chaos.A!tr
AVG FileRepMalware [Misc]
Paloalto generic.ml