Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 4, 2025, 12:45 p.m.	May 4, 2025, 1:06 p.m.

Size	4.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`09375a73a9d657f13a3c5029adeda8e7`
SHA256	`2eceab88bc69b742fb41a2f5499559c2b1a692b785a1cca03319da4cdc2e7005`
CRC32	`E71D0A39`
ssdeep	`98304:sLz9dEhZZxQDcpmdmxPNZi7pf+mpxam+Vsxvm:sLz4ZYyNw1+mn6sxu`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)

122cb197-71f5-4458-a146-6060be234002.exe "C:\Users\test22\AppData\Local\Temp\122cb197-71f5-4458-a146-6060be234002.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (7 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0
IsDebuggerPresent May 4, 2025, 12:45 p.m.			0	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

BINARY

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ May 4, 2025, 12:45 p.m.	stacktrace: _CheckSystemCompatibility@4-0x18 122cb197-71f5-4458-a146-6060be234002+0x18978 @ 0x12b8978 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 33 c0 f7 f0 0f 0b b9 00 00 00 00 c7 01 ef be exception.symbol: _CheckSystemCompatibility@4-0x1755d 122cb197-71f5-4458-a146-6060be234002+0x1433 exception.instruction: int3 exception.module: 122cb197-71f5-4458-a146-6060be234002.exe exception.exception_code: 0x80000003 exception.offset: 5171 exception.address: 0x12a1433 registers.esp: 3210492 registers.edi: 1968898048 registers.eax: 0 registers.ebp: 3210652 registers.edx: 0 registers.ebx: 1359 registers.esi: 1359 registers.ecx: 256	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x00056800', u'virtual_address': u'0x0001a000', u'entropy': 7.999121345110253, u'name': u'.data', u'virtual_size': u'0x00056851'}

entropy

7.99912134511

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00417600', u'virtual_address': u'0x00072000', u'entropy': 7.993468202340747, u'name': u'.rsrc', u'virtual_size': u'0x00417460'}

entropy

7.99346820234

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00004600', u'virtual_address': u'0x0048a000', u'entropy': 6.826864287385275, u'name': u'.reloc', u'virtual_size': u'0x000045b0'}

entropy

6.82686428739

description

A section with a high entropy has been found

entropy

0.979034512418

description

Overall entropy of this PE file is high

122cb197-71f5-4458-a146-6060be234002

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All