Summary | ZeroBOX

qhjMWht.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: April 7, 2025, 10:38 a.m.
Completed: April 7, 2025, 10:42 a.m.
Size 5.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1dbdcaeaac26f7d34e872439997ee68d
SHA256 3142aecf9794be2f3894d3e1429d28f80918c5b41d516c9160e7cd3984a6f5a3
CRC32 777307E0
ssdeep 98304:zZvqfZH0os+672PX492sJZH0os+672PX492sUZH0os+672PX492sY:xq90p+6SPX4p0p+6SPX4Q0p+6SPX4u
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: __exception__ (Status 1, Return 0, Repeated 0)

stacktrace:
0x3e1aa8
0x3e116b
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: ff 10 83 ec 10 85 c0 78 06 8b bd d4 fd ff ff 8d
exception.instruction: call dword ptr [eax]
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.symbol: (none)
exception.address: 0x3e1d1c
registers.esp: 15792016 (0xf0f790)
registers.edi: 0
registers.eax: 0
registers.ebp: 15792616 (0xf0f9e8)
registers.edx: 37 (0x25)
registers.ebx: 15792072 (0xf0f7c8)
registers.esi: 15792664 (0xf0fa18)
registers.ecx: 15792664 (0xf0fa18)

Note: the faulting address 0x3e1d1c and the two unsymbolised frames 0x3e1aa8 and 0x3e116b all lie inside the 0x49000-byte PAGE_EXECUTE_READWRITE region the sample allocated at 0x003e0000 (see the NtAllocateVirtualMemory entry below), and eax is 0 at the fault. The crash is therefore an indirect call through a null function pointer from code the sample itself placed in its own RWX allocation; the stage that ran there failed before any network activity, so the absence of contacted hosts says nothing about what the payload would do on a machine where that pointer resolves.
Time & API: NtAllocateVirtualMemory (Status 1, Return 0, Repeated 0)

process_identifier: 2548
region_size: 299008 (0x49000)
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff (pseudo-handle for the current process, i.e. the sample allocating in its own address space)
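The two behaviour entries above are only meaningful together: an exception record on its own is noise, an RWX allocation on its own is common. The following script, added here as an example and not ZeroBOX code, shows the correlation an analyst would automate: it rebuilds the allocation and the exception from the values printed in this report (constructed records, field names as in the report), checks whether the faulting EIP and the stack frames fall inside an executable region the sample allocated, and tests whether the faulting instruction dereferenced a zero register.

```python
"""Correlate a sandbox exception with the sample's own executable allocations.

Added example, not ZeroBOX code. API_CALLS and EXCEPTION are constructed
by hand from the two behaviour entries in this report.
"""
import re
from dataclasses import dataclass

STATUS_ACCESS_VIOLATION = 0xC0000005
# winnt.h PAGE_* values that permit execution: X, RX, RWX, WCX
EXECUTABLE_PROTECTIONS = {0x10, 0x20, 0x40, 0x80}


@dataclass(frozen=True)
class Region:
    pid: int
    base: int
    size: int
    protection: int

    @property
    def end(self) -> int:
        return self.base + self.size

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.end

    @property
    def executable(self) -> bool:
        # PAGE_GUARD / PAGE_NOCACHE live in the high bits; mask them off first
        return (self.protection & 0xFF) in EXECUTABLE_PROTECTIONS


# Constructed from the report's NtAllocateVirtualMemory entry
API_CALLS = [
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2548,
     "base_address": 0x003E0000, "region_size": 299008,
     "protection": 64, "allocation_type": 12288},
]

# Constructed from the report's __exception__ entry
EXCEPTION = {
    "exception_code": 0xC0000005,
    "address": 0x3E1D1C,
    "instruction": "call dword ptr [eax]",
    "registers": {"eax": 0, "ebx": 15792072, "ecx": 15792664, "edx": 37,
                  "esi": 15792664, "edi": 0, "ebp": 15792616, "esp": 15792016},
    "stacktrace": [0x3E1AA8, 0x3E116B, 0x755C33CA, 0x76F49ED2, 0x76F49EA5],
}

_MEM_OPERAND = re.compile(r"\[(e[abcd]x|e[sd]i|e[bs]p)\]")


def regions_from_calls(calls: list[dict]) -> list[Region]:
    """Turn NtAllocateVirtualMemory records into Region objects."""
    return [Region(c["process_identifier"], c["base_address"],
                   c["region_size"], c["protection"])
            for c in calls if c["api"] == "NtAllocateVirtualMemory"]


def null_pointer_call(exception: dict) -> bool:
    """True when the faulting instruction dereferences a register holding 0."""
    m = _MEM_OPERAND.search(exception["instruction"])
    return bool(m) and exception["registers"].get(m.group(1)) == 0


def analyse(exception: dict, regions: list[Region]) -> dict:
    """Place the fault and the stack frames relative to executable allocations."""
    exec_regions = [r for r in regions if r.executable]
    fault = exception["address"]
    home = next((r for r in exec_regions if r.contains(fault)), None)
    frames = [a for a in exception["stacktrace"]
              if any(r.contains(a) for r in exec_regions)]
    return {
        "access_violation": exception["exception_code"] == STATUS_ACCESS_VIOLATION,
        "fault_region": home,
        "fault_offset": fault - home.base if home else None,
        "frames_in_exec_alloc": frames,
        "null_pointer_call": null_pointer_call(exception),
    }


if __name__ == "__main__":
    result = analyse(EXCEPTION, regions_from_calls(API_CALLS))
    r = result["fault_region"]
    if r:
        print(f"fault at {EXCEPTION['address']:#x} is offset {result['fault_offset']:#x} "
              f"into RWX region {r.base:#x}-{r.end:#x} (pid {r.pid})")
    print("frames inside sample-allocated executable memory:",
          [f"{a:#x}" for a in result["frames_in_exec_alloc"]])
    print("null function-pointer call:", result["null_pointer_call"])
```

On this report the script places the fault 0x1d1c bytes into the 0x003e0000 region and finds both unsymbolised frames inside it, while the kernel32 and ntdll frames stay outside; the same logic applied to a full behaviour log would also catch a fault inside memory obtained via NtProtectVirtualMemory or NtMapViewOfSection once those records are folded into the region list.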
section .reloc: virtual_address 0x00059000, virtual_size 0x0004c000, size_of_data 0x0004c000, entropy 7.9875 - description: A section with a high entropy has been found
entropy 0.4791 - description: Overall entropy of this PE file is high

Note: a section named .reloc with near-maximal entropy is itself a tell. A genuine relocation table is a highly regular structure that compresses well, so 0x4c000 bytes of almost-random data under that name are packed or encrypted payload, consistent with the UPX_Zero Yara hit. The "overall entropy" figure of 0.4791 is not a Shannon entropy (that would be at most 8.0): in the Cuckoo-style check this report derives from it is the share of the file's section data that sits in high-entropy sections, which is why a value below 1 is reported as high.
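To make the two entropy findings reproducible outside the sandbox, here is the check written out. This is an added example, not ZeroBOX or Cuckoo code: it parses the PE section table with the standard library only, computes Shannon entropy per section, and derives both findings shown in the report. The thresholds (6.8 bits per byte for a section, 0.2 for the share of high-entropy data) are assumptions modelled on the Cuckoo community packer_entropy signature, and the PE produced by build_test_pe() is constructed for the demonstration, with a .reloc section full of pseudo-random bytes to mirror this sample.

```python
"""Section-entropy check of the kind behind the two entropy findings above.

Added example, not ZeroBOX or Cuckoo code. Thresholds are assumptions
modelled on the Cuckoo packer_entropy signature; the PE is constructed.
"""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    size_of_data: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[Section]:
    """Walk IMAGE_DOS_HEADER -> IMAGE_NT_HEADERS -> IMAGE_SECTION_HEADER[]."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (nsec,) = struct.unpack_from("<H", pe, pe_off + 6)        # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)   # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                            # first section header
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        # Slicing clamps to the file: packed or malformed samples often declare
        # more raw data than exists, and entropy is computed over what is there.
        data = pe[raw_ptr:raw_ptr + raw_size]
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"),
                                va, vsize, raw_size, shannon_entropy(data)))
    return sections


def entropy_report(pe: bytes, section_threshold: float = 6.8,
                   ratio_threshold: float = 0.2) -> dict:
    """Per-section flag plus the 'overall' share of bytes in high-entropy sections."""
    sections = parse_sections(pe)
    total = sum(s.size_of_data for s in sections)
    high = [s for s in sections if s.entropy > section_threshold]
    ratio = sum(s.size_of_data for s in high) / total if total else 0.0
    return {"sections": sections, "high_entropy": [s.name for s in high],
            "ratio": ratio, "overall_high": ratio > ratio_threshold}


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 counter stream) for the demo."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(seed + ctr.to_bytes(4, "little")).digest()
    return bytes(out[:n])


def build_test_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Minimal PE32 carrying the given (name, raw data) sections; demo input only."""
    opt_size = 224                                            # PE32 optional header
    hdr_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    headers, body, raw_ptr, va = b"", b"", hdr_len, 0x1000
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                               len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
        va += (len(data) + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers + body


if __name__ == "__main__":
    demo = build_test_pe([(b".text", bytes(range(16)) * 256),   # entropy exactly 4.0
                          (b".reloc", pseudo_random(8192))])    # near 8.0, as in the report
    rep = entropy_report(demo)
    for s in rep["sections"]:
        print(f"{s.name:8} va={s.virtual_address:#010x} size={s.size_of_data:#x} "
              f"entropy={s.entropy:.4f}")
    print("high-entropy sections:", rep["high_entropy"],
          "share:", round(rep["ratio"], 3), "overall high:", rep["overall_high"])
```

Run against the real sample the same code would flag .reloc and report a share rather than an entropy, which is the distinction worth keeping in mind when reading the 0.4791 figure above.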
Antivirus Result
Lionic Trojan.Win32.Generic.4!c
Cylance Unsafe
Sangfor Trojan.Win32.Agent.Vhsu
CrowdStrike win/malicious_confidence_60% (W)
BitDefender Trojan.GenericKD.76183203
Arcabit Trojan.Generic.D48A76A3
Symantec Trojan.Gen.MBT
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Generik.GKPDAJB
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
MicroWorld-eScan Trojan.GenericKD.76183203
Rising Trojan.Injector!1.127AD (CLASSIC)
Emsisoft Trojan.GenericKD.76183203 (B)
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Sophos Mal/Generic-S
FireEye Trojan.GenericKD.76183203
Antiy-AVL GrayWare/Win32.Wacapew
Microsoft Trojan:Win32/Stealc!rfn
GData Win32.Trojan.Agent.IMJYZW
Varist W32/ABTrojan.XQEE-4003
McAfee Artemis!1DBDCAEAAC26
DeepInstinct MALICIOUS
Ikarus Trojan.SuspectCRC
Panda Trj/Chgt.AD
Fortinet Malicious_Behavior.SB
AVG Win32:Malware-gen