Summary | ZeroBOX

CarZ.exe

Tags: Emotet, Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started April 10, 2025, 1:45 a.m.
Completed April 10, 2025, 1:45 a.m.
Size 774.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 33a2df57afcf0e90607ab3a604ab6939
SHA256 a4bb293acebb8e22484f1f2142d5cc025e96042402af0e7e21888363395d4e29
CRC32 ACD48C61
ssdeep 12288:XE3vjg9hzSj/VVbVESEqTgaoUzqlfhFdMLm3s+Evz8fFG0YgTH3Fw5:ULgzSRVmStDoUzqlr0Z/z8F8
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Hosts contacted (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP addresses contacted (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .data1
section .bind
Antivirus (vendor, verdict)
Bkav W32.AIDetectMalware
Cynet Malicious (score: 100)
Cylance Unsafe
CrowdStrike win/malicious_confidence_70% (D)
McAfeeD ti!A4BB293ACEBB
Kingsoft malware.kb.a.880
VBA32 BScope.Trojan.Sabsik.FL
Behavior (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 2560
  process_handle: 0xffffffff (the GetCurrentProcess() pseudo-handle: the sample is changing protection on its own memory)
  base_address: 0x10001000
  length: 114688 (0x1c000, 28 pages)
  protection: 32 (PAGE_EXECUTE_READ)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  Status: 1 (call succeeded)  Return: 0  Repeated: 0

The one call the monitor surfaced is an in-process remap of a 0x1c000-byte region to execute-read, with no hosts contacted and no Suricata hits. That pattern is consistent with an unpacking stub making a freshly written region executable, which is what the UPX Yara hit above would lead an analyst to expect; the decoded sample itself is not shown on this page.
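The kind of check a detection engineer would run over a behaviour log like the one above: flag any protection change that a process applies to its own memory and that turns on an execute bit. This is an added example, not ZeroBOX code. The record layout mirrors the report's fields, the protection constants are the winnt.h values, and the three sample records are constructed here (the first carries the values from the report; the other two are controls that the rule must not flag).

```python
"""Added example: flag in-process memory being made executable in a sandbox API log."""

# Windows memory protection constants (winnt.h).
PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MODIFIER_NAMES = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
EXECUTE_MASK = 0xF0             # any of the four PAGE_EXECUTE* base protections
CURRENT_PROCESS = 0xFFFFFFFF    # GetCurrentProcess() pseudo-handle as a 32-bit monitor logs it


def describe_protection(value: int) -> str:
    """Render a protection value the way the report does, e.g. 32 -> 'PAGE_EXECUTE_READ'."""
    base = PROTECTION_NAMES.get(value & 0xFF, f"UNKNOWN(0x{value & 0xFF:x})")
    mods = [name for bit, name in MODIFIER_NAMES.items() if value & bit]
    return "|".join([base] + mods)


def is_self_exec_remap(call: dict) -> bool:
    """True when a process changes protection on its *own* memory to an executable state.

    Remote-process executable remaps are an injection indicator and belong to a
    separate rule, so they are deliberately not matched here.
    """
    if call["api"] not in ("NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"):
        return False
    args = call["arguments"]
    own_process = args.get("process_handle", CURRENT_PROCESS) == CURRENT_PROCESS
    return own_process and bool(args["protection"] & EXECUTE_MASK)


def triage(calls: list) -> list:
    """Return one summary line per suspicious call, in log order."""
    hits = []
    for call in calls:
        if is_self_exec_remap(call):
            a = call["arguments"]
            hits.append(f"pid {a['process_identifier']}: {call['api']} "
                        f"0x{a['base_address']:08x}+0x{a['length']:x} -> "
                        f"{describe_protection(a['protection'])}")
    return hits


# Constructed sample log (assumed record shape). Record 1 carries the report's values;
# record 2 is a read-write remap (no execute bit); record 3 uses a remote process handle.
SAMPLE_CALLS = [
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "repeated": 0,
     "arguments": {"process_identifier": 2560, "process_handle": 0xFFFFFFFF,
                   "base_address": 0x10001000, "length": 114688, "protection": 0x20}},
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "repeated": 0,
     "arguments": {"process_identifier": 2560, "process_handle": 0xFFFFFFFF,
                   "base_address": 0x10130000, "length": 4096, "protection": 0x04}},
    {"api": "NtProtectVirtualMemory", "status": 1, "return": 0, "repeated": 0,
     "arguments": {"process_identifier": 2560, "process_handle": 0x1A4,
                   "base_address": 0x00400000, "length": 4096, "protection": 0x20}},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_CALLS):
        print(line)
```

Only the first record should be reported. The handle check is what keeps the rule honest: a PAGE_EXECUTE_READ remap through a remote handle is a different behaviour (code injection) and deserves its own, higher-severity rule rather than being folded into an unpacker heuristic.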
section .bind: virtual_address 0x00107000, virtual_size 0x0002d7d0, size_of_data 0x0002d7d0, entropy 7.977 description A section with a high entropy has been found
entropy 0.236 description Overall entropy of this PE file is high

The second value is not a Shannon entropy. The packer_entropy signature this Cuckoo-lineage report uses sums the size_of_data of every section whose own entropy exceeds 6.8 bits/byte, divides by the total section data, and marks the file when that ratio is above 0.2. Here the single flagged section, .bind (0x2d7d0 = 186,320 bytes), is about 23.6% of the 774 KB file, which is exactly the 0.236 reported. At 7.977 bits/byte the section is essentially incompressible, i.e. compressed or encrypted payload, which is what the UPX rule hit above would predict.
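To see how the two entropy marks above are produced, the following added example (not ZeroBOX's code) walks a PE section table, computes per-section Shannon entropy, and applies the same ratio heuristic. The thresholds 6.8 and 0.2 are the ones the Cuckoo packer_entropy signature uses and are assumed to be what ZeroBOX runs. The input is a synthetic, header-only PE built in memory (constructed test data, not the CarZ.exe sample): a low-entropy .text, an all-zero .data1, and a pseudo-random .bind, so the run is deterministic and offline.

```python
"""Added example: reproduce the sandbox's section-entropy marks on a PE section table."""
import math
import random
import struct
from collections import Counter

# Thresholds of the Cuckoo packer_entropy signature (assumed to be what ZeroBOX runs).
SECTION_ENTROPY_THRESHOLD = 6.8     # bits per byte; above this a section is "high entropy"
HIGH_ENTROPY_RATIO_THRESHOLD = 0.2  # fraction of section bytes living in such sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk the IMAGE_SECTION_HEADER table and return per-section metadata plus entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                          # first section header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def packer_entropy(sections: list):
    """Return (ratio, names of high-entropy sections, whether the 'overall' mark fires)."""
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    ratio = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return ratio, [s["name"] for s in high], ratio > HIGH_ENTROPY_RATIO_THRESHOLD


def build_synthetic_pe(sections: list) -> bytes:
    """Constructed input: a header-only PE32 carrying the given (name, bytes) sections.

    Not a runnable executable, just enough of the format for parse_sections().
    """
    opt_size = 0xE0                                       # PE32 optional header size
    table_off = 0x40 + 4 + 20 + opt_size
    raw_start = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)         # Magic = PE32
    headers, payload, raw_ptr, vaddr = b"", b"", raw_start, 0x1000
    for name, data in sections:
        data = data + b"\0" * (-len(data) % 0x200)
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), vaddr,
                               len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        payload += data
        raw_ptr += len(data)
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    image = dos + b"PE\0\0" + coff + opt + headers
    return image + b"\0" * (raw_start - len(image)) + payload


def demo():
    rng = random.Random(0x5EED)                           # fixed seed: deterministic .bind
    sample = build_synthetic_pe([
        (".text", bytes(range(16)) * 1536),               # 24 KiB over 16 symbols: 4.0 bits/byte
        (".data1", b"\0" * 4096),                         # all zeros: 0.0 bits/byte
        (".bind", bytes(rng.getrandbits(8) for _ in range(8192))),  # pseudo-random: ~7.97
    ])
    sections = parse_sections(sample)
    ratio, high, fired = packer_entropy(sections)
    for s in sections:
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} "
              f"size=0x{s['size_of_data']:08x} entropy={s['entropy']:.3f}")
    print(f"high-entropy sections: {high}  ratio={ratio:.3f}  overall mark fires: {fired}")
    return sections, ratio, high, fired


if __name__ == "__main__":
    demo()
```

With these sizes the high-entropy .bind is 8192 of 36864 section bytes, a ratio of 0.222, so both marks fire just as they do for the real sample, whose .bind makes up 0.236 of its section data. Swapping `build_synthetic_pe(...)` for `open(path, "rb").read()` runs the same triage on a file from disk.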