popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

file.exe

Gen1 Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 April 26, 2025, 2:20 p.m. April 26, 2025, 2:33 p.m.
Size 998.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 64911e99a76c2d6ef6925d1500323903
SHA256 714e9be09c6a9a397a88e8b2cee5fed08ad5c4cec1de41789d68fd2886d77c2f
CRC32 9694E2DF
ssdeep 24576:BkdmeVduOtjIn69eY50cma/yjk1AeVduOtjIn69eY50cma/yjk1:BIm0VIOf50cxJA0VIOf50cxJ
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .B3
section .gxfg
section .retplne
section _RDATA
section .jss
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
file+0x28d77 @ 0x13f848d77
file+0x9658 @ 0x13f829658
file+0x131bd @ 0x13f8331bd
file+0x4b009 @ 0x13f86b009
file+0x2357a @ 0x13f84357a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: file+0x28d77
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: file.exe
exception.exception_code: 0xc0000005
exception.offset: 167287
exception.address: 0x13f848d77
registers.r14: 0
registers.r15: 0
registers.rcx: 110
registers.rsi: 0
registers.r10: -72340172838076673
registers.rbx: 0
registers.rsp: 2554880
registers.r11: -9187201950435737472
registers.r8: 0
registers.r9: -72340170901133011
registers.rdx: 5360715990
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x00038200', u'virtual_address': u'0x00001000', u'entropy': 6.921985606712699, u'name': u'.text', u'virtual_size': u'0x0003815a'} entropy 6.92198560671 description A section with a high entropy has been found
section {u'size_of_data': u'0x00058200', u'virtual_address': u'0x00051000', u'entropy': 7.999513241005161, u'name': u'.jss', u'virtual_size': u'0x00058200'} entropy 7.99951324101 description A section with a high entropy has been found
section {u'size_of_data': u'0x00058200', u'virtual_address': u'0x000aa000', u'entropy': 7.999513241005161, u'name': u'.jss', u'virtual_size': u'0x00058200'} entropy 7.99951324101 description A section with a high entropy has been found
entropy 0.933232931727 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Skyhigh BehavesLike.Win64.Generic.dc
ALYac Gen:Variant.Lazy.677740
Cylance Unsafe
VIPRE Gen:Variant.Lazy.677740
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Gen:Variant.Lazy.677740
Arcabit Trojan.Lazy.DA576C
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.HING
APEX Malicious
Avast MalwareX-gen [Cryp]
ClamAV Win.Packed.Zusy-10044253-0
Kaspersky VHO:Trojan-PSW.Win32.Stealer.gen
MicroWorld-eScan Gen:Variant.Lazy.677740
Rising Stealer.Convagent!8.1326D (TFE:1:szn6mGmGidC)
Emsisoft Gen:Variant.Lazy.677740 (B)
McAfeeD ti!714E9BE09C6A
CTX exe.unknown.lazy
Sophos Troj/Krypt-AQA
SentinelOne Static AI - Suspicious PE
Google Detected
Antiy-AVL Trojan/Win32.Caynamer
Kingsoft malware.kb.a.980
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm Troj/Krypt-AQA
GData Gen:Variant.Lazy.677740
AhnLab-V3 Trojan/Win.Lazy.C5755681
DeepInstinct MALICIOUS
Malwarebytes Crypt.Trojan.MSIL.DDS
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9Z
huorong Trojan/Agent.bkf
AVG MalwareX-gen [Cryp]