Summary | ZeroBOX

cc6e2f6e-3b4d-46bf-94fb-99186ed3c3d0

Gen1 Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
Category FILE
Machine s1_win7_x6401
Started May 4, 2025, 12:43 p.m.
Completed May 4, 2025, 12:46 p.m.
Size 1.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5c6a88863f1f2a6e5079fd5e3e3160f4
SHA256 756da6493a9e0ec6c237b6e972faaa65aa8855697be066c34e886ec751e7f51c
CRC32 62814FA1
ssdeep 49152:wWRINtFU9z/46aw5vHZnWHItRf4Qy7BHlcca1jsI6Xt47tzt:wWKtFU9z/46aw5vH1WHItRf4Qy7BHlc+
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .B6
section .gxfg
section .retplne
section _RDATA
section .jss
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: cc6e2f6e-3b4d-46bf-94fb-99186ed3c3d0+0xd3fc3
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: cc6e2f6e-3b4d-46bf-94fb-99186ed3c3d0.exe
exception.exception_code: 0xc0000005
exception.offset: 868291
exception.address: 0x13f4b3fc3
registers.r14: 0
registers.r15: 0
registers.rcx: 110
registers.rsi: 0
registers.r10: -72340172838076673
registers.rbx: 0
registers.rsp: 7011040
registers.r11: -9187201950435737472
registers.r8: 1
registers.r9: 3665725351
registers.rdx: 5356992024
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
Status 1 Return 0 Repeated 0
section .text size_of_data 0x000e8c00 virtual_address 0x00001000 virtual_size 0x000e8b3e entropy 7.047340550540461 description A section with a high entropy has been found
section .B6 size_of_data 0x00002600 virtual_address 0x00105000 virtual_size 0x0000253a entropy 6.9604320580166394 description A section with a high entropy has been found
section .jss size_of_data 0x00056c00 virtual_address 0x0010e000 virtual_size 0x00056c00 entropy 7.99940163118378 description A section with a high entropy has been found
section .jss size_of_data 0x00056c00 virtual_address 0x00165000 virtual_size 0x00056c00 entropy 7.99940163118378 description A section with a high entropy has been found
entropy 0.939907993099 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Vidar.tsNL
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.17462648023160f4
Skyhigh BehavesLike.Win64.Suspect.tc
ALYac Gen:Variant.Lazy.676353
Cylance Unsafe
VIPRE Gen:Variant.Lazy.676353
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.676353
K7GW Trojan ( 005c593d1 )
K7AntiVirus Trojan ( 005c593d1 )
Arcabit Trojan.Lazy.DA5201
VirIT Trojan.Win32.GenusT.EVRK
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.FAZ
APEX Malicious
Avast Win64:MalwareX-gen [Cryp]
Kaspersky Trojan-PSW.Win32.Lumma.kil
Alibaba Trojan:Win64/GenKryptik.b436b262
MicroWorld-eScan Gen:Variant.Lazy.676353
Rising Trojan.ShellCodeLoader!1.12B08 (CLASSIC)
Emsisoft Gen:Variant.Lazy.676353 (B)
F-Secure Trojan.TR/Crypt.Agent.ornoh
DrWeb Trojan.Packed2.49101
Zillya Trojan.GenKryptik.Win64.49981
TrendMicro Trojan.Win64.AMADEY.YXFDOZ
McAfeeD ti!756DA6493A9E
CTX exe.trojan.lumma
Sophos Troj/Krypt-AQA
Jiangmin Trojan.PSW.Lumma.hz
Webroot Win.Infostealer.Lumma
Google Detected
Avira TR/Crypt.Agent.ornoh
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft malware.kb.a.893
Xcitium Malware@#1uu5d319j3fm4
Microsoft Trojan:Win64/LummaC.NFI!MTB
ZoneAlarm Troj/Krypt-AQA
GData Gen:Variant.Lazy.676353
Varist W64/ABTrojan.QAFI-6353
AhnLab-V3 Trojan/Win.Generic.R700376
McAfee Artemis!5C6A88863F1F
DeepInstinct MALICIOUS
VBA32 TrojanPSW.Lumma
Malwarebytes Trojan.MalPack.PES.Generic
Ikarus Trojan.Win64.Krypt
Panda Trj/GdSda.A