popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Nehh6wZ.exe

Gen1 Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us April 8, 2025, 9:13 a.m. April 8, 2025, 9:15 a.m.
Size 983.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 cc1988650b5fe3e0dfb8632a77b2a9ac
SHA256 d63135791ebcbead27ea97784e9076963028508ed4c26f454c24479ded5a71aa
CRC32 1FD8923E
ssdeep 24576:BulIExtUXbaVQfcZe1MEw4nvHloxA2I1I16Qq5G:BuyExtUSwcZu7vYAjIXqG
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .B1
section .gxfg
section .retplne
section _RDATA
section .cSs
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
nehh6wz+0x73a07 @ 0x13f5d3a07
nehh6wz+0x99e3 @ 0x13f5699e3
nehh6wz+0xc050 @ 0x13f56c050
nehh6wz+0xbada @ 0x13f56bada
nehh6wz+0x9a00e @ 0x13f5fa00e
nehh6wz+0x20c67 @ 0x13f580c67
nehh6wz+0x1fc3e @ 0x13f57fc3e
nehh6wz+0x2bd10 @ 0x13f58bd10
nehh6wz+0x25527 @ 0x13f585527
nehh6wz+0x67bac @ 0x13f5c7bac
nehh6wz+0x2bd10 @ 0x13f58bd10
nehh6wz+0x6709b @ 0x13f5c709b
nehh6wz+0x647c6 @ 0x13f5c47c6
nehh6wz+0x630c8 @ 0x13f5c30c8
nehh6wz+0x61f11 @ 0x13f5c1f11
nehh6wz+0x60929 @ 0x13f5c0929
nehh6wz+0x56298 @ 0x13f5b6298
nehh6wz+0x49409 @ 0x13f5a9409
nehh6wz+0x6cb4b @ 0x13f5ccb4b
TpPostWork+0x154 AlpcMaxAllowedMessageLength-0xcc ntdll+0x12484 @ 0x776d2484
RtlRealSuccessor+0x136 TpCallbackMayRunLong-0x65a ntdll+0x20c26 @ 0x776e0c26
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: nehh6wz+0x73a07
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: Nehh6wZ.exe
exception.exception_code: 0xc0000005
exception.offset: 473607
exception.address: 0x13f5d3a07
registers.r14: 0
registers.r15: 0
registers.rcx: 110
registers.rsi: 0
registers.r10: -72340172838076673
registers.rbx: 0
registers.rsp: 7993488
registers.r11: -9187201950435737472
registers.r8: 1
registers.r9: -72340170903231955
registers.rdx: 5358140132
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x00082e00', u'virtual_address': u'0x00001000', u'entropy': 7.0458856826729654, u'name': u'.text', u'virtual_size': u'0x00082d30'} entropy 7.04588568267 description A section with a high entropy has been found
section {u'size_of_data': u'0x00001c00', u'virtual_address': u'0x0009a000', u'entropy': 6.850629558937061, u'name': u'.B1', u'virtual_size': u'0x00001a58'} entropy 6.85062955894 description A section with a high entropy has been found
section {u'size_of_data': u'0x0005ca00', u'virtual_address': u'0x000a2000', u'entropy': 7.99952534585975, u'name': u'.cSs', u'virtual_size': u'0x0005ca00'} entropy 7.99952534586 description A section with a high entropy has been found
entropy 0.917982679572 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
ALYac Gen:Variant.Lazy.674631
Cylance Unsafe
VIPRE Gen:Variant.Lazy.674631
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Gen:Variant.Lazy.674631
Arcabit Trojan.Lazy.DA4B47
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.HHSW
APEX Malicious
Avast CrypterX-gen [Trj]
Kaspersky UDS:Trojan-PSW.Win32.Lumma
MicroWorld-eScan Gen:Variant.Lazy.674631
Rising Trojan.Kryptik@AI.90 (RDML:3ggn9pKdMGWvFLSql8hHqQ)
Emsisoft Gen:Variant.Lazy.674631 (B)
McAfeeD ti!D63135791EBC
CTX exe.unknown.lazy
Sophos Generic ML PUA (PUA)
FireEye Gen:Variant.Lazy.674631
Kingsoft malware.kb.a.998
Microsoft Trojan:Win32/Sabsik.EN.A!ml
GData Gen:Variant.Lazy.674631
DeepInstinct MALICIOUS
Malwarebytes Crypt.Trojan.MSIL.DDS
AVG CrypterX-gen [Trj]