Summary | ZeroBOX

CarZ.exe

Emotet Generic Malware Malicious Library UPX PE File OS Processor Check PE32
    Category  Machine        Started                    Completed
    FILE      s1_win7_x6401  April 10, 2025, 1:45 a.m.  April 10, 2025, 1:45 a.m.
    Size 774.0KB
    Type PE32 executable (GUI) Intel 80386, for MS Windows
    MD5 33a2df57afcf0e90607ab3a604ab6939
    SHA256 a4bb293acebb8e22484f1f2142d5cc025e96042402af0e7e21888363395d4e29
    CRC32 ACD48C61
    ssdeep 12288:XE3vjg9hzSj/VVbVESEqTgaoUzqlfhFdMLm3s+Evz8fFG0YgTH3Fw5:ULgzSRVmStDoUzqlr0Z/z8F8
    Yara
    • PE_Header_Zero - PE File Signature
    • Malicious_Library_Zero - Malicious_Library
    • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
    • IsPE32 - (no description)
    • Generic_Malware_Zero - Generic Malware
    • OS_Processor_Check_Zero - OS Processor Check
    • UPX_Zero - UPX packed file

    Name Response Post-Analysis Lookup
    No hosts contacted.
    IP Address Status Action
    No hosts contacted.

    Suricata Alerts

    No Suricata Alerts

    Suricata TLS

    No Suricata TLS

    section .data1
    section .bind
    Bkav         W32.AIDetectMalware
    Cynet        Malicious (score: 100)
    Cylance      Unsafe
    CrowdStrike  win/malicious_confidence_70% (D)
    McAfeeD      ti!A4BB293ACEBB
    Kingsoft     malware.kb.a.880
    VBA32        BScope.Trojan.Sabsik.FL
    Time & API  Arguments  Status  Return  Repeated

    NtProtectVirtualMemory
        process_identifier: 2560
        stack_dep_bypass: 0
        stack_pivoted: 0
        heap_dep_bypass: 1
        length: 114688
        protection: 32 (PAGE_EXECUTE_READ)
        base_address: 0x10001000
        process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0
    section: name .bind, virtual_address 0x00107000, virtual_size 0x0002d7d0, size_of_data 0x0002d7d0, entropy 7.9770450263203685
    entropy: 7.97704502632
    description: A section with a high entropy has been found
    entropy: 0.23631714593
    description: Overall entropy of this PE file is high