popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

EPTwCQd.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us March 31, 2025, 12:07 p.m. March 31, 2025, 12:11 p.m.
Size 712.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 19cc136b64066f972db18ef9cc2da8ca
SHA256 d20816d1e73f63beaea4bee9afc4388d07b7235a3a332674e969b646cc454597
CRC32 23E72F8B
ssdeep 12288:SIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICWVJ2GV8q7xnrVAAUcLCf6I+Y1x:w3WYatucdvDv/xrVpmx2gzTt
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gxfg
section .retplne
section _RDATA
section .cSs
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
eptwcqd+0x3acd7 @ 0x13f53acd7
eptwcqd+0x15474 @ 0x13f515474
eptwcqd+0x35c42 @ 0x13f535c42
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: eptwcqd+0x3acd7
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: EPTwCQd.exe
exception.exception_code: 0xc0000005
exception.offset: 240855
exception.address: 0x13f53acd7
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 497486849
registers.rbx: 0
registers.rsp: 2162384
registers.r11: 1
registers.r8: 1
registers.r9: 1455976193
registers.rdx: 5357502278
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x00058800', u'virtual_address': u'0x0005f000', u'entropy': 7.999535323667658, u'name': u'.cSs', u'virtual_size': u'0x00058800'} entropy 7.99953532367 description A section with a high entropy has been found
entropy 0.504992867332 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Caynamer.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ghanarava.17431783132da8ca
Skyhigh BehavesLike.Win64.Trickbot.bc
Cylance Unsafe
VIPRE Trojan.GenericKDZ.110563
Sangfor Trojan.Win32.Kryptik.Vi93
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKDZ.110563
K7GW Trojan ( 005c49bc1 )
K7AntiVirus Trojan ( 005c49bc1 )
Arcabit Trojan.Generic.D1AFE3
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.HHRD
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan.Win32.InjectorNetT.ol
Alibaba Trojan:Win64/GenKryptik.60caa68f
MicroWorld-eScan Trojan.GenericKDZ.110563
Rising Trojan.Kryptik!8.8 (CLOUD)
Emsisoft Trojan.GenericKDZ.110563 (B)
F-Secure Trojan.TR/Crypt.Agent.frxdy
McAfeeD ti!D20816D1E73F
CTX exe.trojan.generic
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.19cc136b64066f97
Webroot Win.Malware.Gen
Google Detected
Avira TR/Crypt.Agent.frxdy
Antiy-AVL Trojan/Win32.Caynamer
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win32/Caynamer.A!ml
GData Win32.Trojan-Stealer.LummaStealer.O96P9Z
Varist W64/Agent.NGAW
AhnLab-V3 Trojan/Win.Caynamer.C5746250
McAfee Artemis!19CC136B6406
DeepInstinct MALICIOUS
Ikarus Trojan.Win64.Krypt
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9V
Tencent Win32.Trojan.FalseSign.Simw
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/GenKryptik.HHRD!tr
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/Wacatac.B9nj