Summary | ZeroBOX

file.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started April 5, 2025, 10:14 a.m.
Completed April 5, 2025, 10:17 a.m.
Size 548.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 63d27bd94ab2185dc811a891493c43fa
SHA256 ccb5ceb2182b9772f1621a488b740a7bed188f0872adb872ae3011d972a29f2c
CRC32 7519D470
ssdeep 12288:kqK75VLWXEn9YunS8bq0Z4yPdswGu5xMp4:doBlnGuvjZ4yywR
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x1ca58d7
file+0x8d611 @ 0x13ffbd611
0x1d28e74
0x1ca04e0
0x31f520
file+0x9d77d @ 0x13ffcd77d
GetConsoleMode+0x120 WaitForSingleObjectEx-0x70 kernel32+0x22f80 @ 0x76fe2f80
file+0x9e12b @ 0x13ffce12b
0x1cd0000

exception.instruction_r: 90 eb 03 47 e5 18 eb 03 1a 8e 19 eb 05 02 a3 59
exception.instruction: nop
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x1ca58d7
registers.r14: 0
registers.r15: 0
registers.rcx: 3
registers.rsi: 30588148
registers.r10: 0
registers.rbx: 7
registers.rsp: 3273856
registers.r11: 582
registers.r8: 3273432
registers.r9: 5368502624
registers.rdx: 30038202
registers.r12: 29984864
registers.rbp: 3273872
registers.rdi: 30036944
registers.rax: 258
registers.r13: 3910
Status 1 Return 0 Repeated 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1280
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000001c70000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0

NtAllocateVirtualMemory

process_identifier: 1280
region_size: 421888
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000001cd0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0
section: size_of_data 0x00021c00, virtual_address 0x0008b000, entropy 7.997168272609961, name '' (empty), virtual_size 0x00021b70
entropy 7.99716827261 description A section with a high entropy has been found
entropy 0.985401459854 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
CTX exe.unknown.lazy
ALYac Gen:Variant.Lazy.670110
Cylance Unsafe
VIPRE Gen:Variant.Lazy.670110
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Lazy.DA399E
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win64/Packed.Obsidium.A suspicious
Avast Win64:DropperX-gen [Drp]
Kaspersky UDS:Trojan-PSW.Win32.Rhadamanthys.he
MicroWorld-eScan Gen:Variant.Lazy.670110
Emsisoft Gen:Variant.Lazy.670110 (B)
Trapmine malicious.moderate.ml.score
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Lazy.670110
AhnLab-V3 Trojan/Win.Generic.R697000
Zoner Probably Heur.ExeHeaderL
AVG Win64:DropperX-gen [Drp]