popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

44eed8d4-5207-493c-85f8-25e64148dc0c

Gen1 Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 May 4, 2025, 12:42 p.m. May 4, 2025, 12:44 p.m.
Size 1.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 54e012b7bf090c3014cd59aef607d77d
SHA256 e9b837cd0778399ecd8f4d287c34fbf86fe77e1a1288077c842f6b183576ff11
CRC32 DAB21219
ssdeep 24576:9JVZ5U/gvMH5AhowOnRqUKkYW10Z0Y3ULgQbE9dMY3ULgQbE9d:9JVZ5U/gvMHqowOnRNYW1+0tJt
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .B6
section .gxfg
section .retplne
section _RDATA
section .jss
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
44eed8d4-5207-493c-85f8-25e64148dc0c+0xccff3 @ 0x13f3fcff3
44eed8d4-5207-493c-85f8-25e64148dc0c+0x5a59 @ 0x13f335a59
44eed8d4-5207-493c-85f8-25e64148dc0c+0xfe092 @ 0x13f42e092
44eed8d4-5207-493c-85f8-25e64148dc0c+0x662f9 @ 0x13f3962f9
44eed8d4-5207-493c-85f8-25e64148dc0c+0x656f6 @ 0x13f3956f6
44eed8d4-5207-493c-85f8-25e64148dc0c+0x64cb0 @ 0x13f394cb0
44eed8d4-5207-493c-85f8-25e64148dc0c+0x6d3de @ 0x13f39d3de
44eed8d4-5207-493c-85f8-25e64148dc0c+0x6ab6e @ 0x13f39ab6e
44eed8d4-5207-493c-85f8-25e64148dc0c+0xb54d1 @ 0x13f3e54d1
44eed8d4-5207-493c-85f8-25e64148dc0c+0x6d3de @ 0x13f39d3de
44eed8d4-5207-493c-85f8-25e64148dc0c+0xb316a @ 0x13f3e316a
44eed8d4-5207-493c-85f8-25e64148dc0c+0xb0870 @ 0x13f3e0870
44eed8d4-5207-493c-85f8-25e64148dc0c+0xaf19d @ 0x13f3df19d
44eed8d4-5207-493c-85f8-25e64148dc0c+0xace97 @ 0x13f3dce97
44eed8d4-5207-493c-85f8-25e64148dc0c+0x9bda6 @ 0x13f3cbda6
44eed8d4-5207-493c-85f8-25e64148dc0c+0x8e208 @ 0x13f3be208
44eed8d4-5207-493c-85f8-25e64148dc0c+0xbdbc7 @ 0x13f3edbc7
TpPostWork+0x154 AlpcMaxAllowedMessageLength-0xcc ntdll+0x12484 @ 0x76d42484
RtlRealSuccessor+0x136 TpCallbackMayRunLong-0x65a ntdll+0x20c26 @ 0x76d50c26
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: 44eed8d4-5207-493c-85f8-25e64148dc0c+0xccff3
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: 44eed8d4-5207-493c-85f8-25e64148dc0c.exe
exception.exception_code: 0xc0000005
exception.offset: 839667
exception.address: 0x13f3fcff3
registers.r14: 0
registers.r15: 0
registers.rcx: 110
registers.rsi: 0
registers.r10: -72340172838076673
registers.rbx: 0
registers.rsp: 7601008
registers.r11: -9187201950435737472
registers.r8: 0
registers.r9: -72340170901133011
registers.rdx: 5356242376
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
1 0 0
section {u'size_of_data': u'0x000e1c00', u'virtual_address': u'0x00001000', u'entropy': 7.046736905221551, u'name': u'.text', u'virtual_size': u'0x000e1b6e'} entropy 7.04673690522 description A section with a high entropy has been found
section {u'size_of_data': u'0x00002800', u'virtual_address': u'0x000fe000', u'entropy': 6.937011670509002, u'name': u'.B6', u'virtual_size': u'0x000026cd'} entropy 6.93701167051 description A section with a high entropy has been found
section {u'size_of_data': u'0x00056c00', u'virtual_address': u'0x00107000', u'entropy': 7.9994039718823995, u'name': u'.jss', u'virtual_size': u'0x00056c00'} entropy 7.99940397188 description A section with a high entropy has been found
section {u'size_of_data': u'0x00056c00', u'virtual_address': u'0x0015e000', u'entropy': 7.9994039718823995, u'name': u'.jss', u'virtual_size': u'0x00056c00'} entropy 7.99940397188 description A section with a high entropy has been found
entropy 0.939216832262 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Krypt.i!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.174626596907d77d
Skyhigh BehavesLike.Win64.Suspect.tc
ALYac Gen:Variant.Lazy.676353
Cylance Unsafe
VIPRE Gen:Variant.Lazy.676353
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.676353
K7GW Trojan ( 005c5b011 )
K7AntiVirus Trojan ( 005c5b011 )
Arcabit Trojan.Lazy.DA5201
VirIT Trojan.Win32.GenusT.EVVK
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.FAZ
APEX Malicious
Avast Win64:MalwareX-gen [Cryp]
Kaspersky Trojan-PSW.Win32.Lumma.kit
Alibaba Trojan:Win64/GenKryptik.6d69fb39
MicroWorld-eScan Gen:Variant.Lazy.676353
Rising Trojan.LummaStealer!8.17CC6 (TFE:1:wtFsuAm2TiB)
Emsisoft Gen:Variant.Lazy.676353 (B)
F-Secure Trojan.TR/Crypt.Agent.dculb
Zillya Trojan.GenKryptik.Win64.50159
TrendMicro Trojan.Win64.AMADEY.YXFDOZ
McAfeeD ti!E9B837CD0778
CTX exe.trojan.generic
Sophos Troj/Krypt-AQA
Jiangmin Trojan.PSW.Lumma.jd
Google Detected
Avira TR/Crypt.Agent.dculb
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft malware.kb.a.728
Xcitium Malware@#26lpr2uv81g44
Microsoft Trojan:Win64/LummaC.NFI!MTB
ZoneAlarm Troj/Krypt-AQA
GData Gen:Variant.Lazy.676353
Varist W64/ABTrojan.BHBH-1349
AhnLab-V3 Trojan/Win.Generic.R700376
McAfee Artemis!54E012B7BF09
DeepInstinct MALICIOUS
VBA32 TrojanPSW.Lumma
Malwarebytes Trojan.MalPack.PES.Generic
Ikarus Trojan.Win64.Krypt
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9Z
Tencent Malware.Win32.Gencirc.10c37b09