Summary | ZeroBOX

200.jpg

Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started May 6, 2025, 9:29 p.m.
Completed May 6, 2025, 9:34 p.m.
Size 421.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a88a0c4d6e13fae0fe18355522632341
SHA256 34214083ce60696dc171d58c3152856c1a0eb661a4741e22a340bdd52258b130
CRC32 5E2403B4
ssdeep 12288:Vtgngwr9wDtwTiLwDUwS9woaH6w4/9C1nA3W2PiTuNyl036pfKbQxr/hNi1LLAEj:j+gwr9wDtwTiLwDUwIwoaH6w4/9OnAC4
PDB Path c:\omtnkdoj\bnwv\yogisfk\cqf.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
185.156.72.39 Active Moloch
195.154.243.185 Active Moloch

Suricata Alerts

Flow TCP 185.156.72.39:5151 -> 192.168.56.103:49162
SID 2400031
Signature ET DROP Spamhaus DROP Listed Traffic Inbound group 32
Category Misc Attack

Suricata TLS

No Suricata TLS

pdb_path c:\omtnkdoj\bnwv\yogisfk\cqf.pdb
description 200.jpg tried to sleep 600 seconds, actually delayed analysis time by 0 seconds
Time & API Arguments Status Return Repeated

DeviceIoControl
  input_buffer:
  control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
  device_handle: 0x000000d4
  output_buffer:
  Status 1, Return 1, Repeated 0

DeviceIoControl
  input_buffer:
  control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
  device_handle: 0x000000d4
  output_buffer:
  Status 1, Return 1, Repeated 0

DeviceIoControl
  input_buffer:
  control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
  device_handle: 0x000000d4
  output_buffer:
  Status 1, Return 1, Repeated 0

DeviceIoControl
  input_buffer:
  control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO)
  device_handle: 0x000000d4
  output_buffer:
  Status 1, Return 1, Repeated 0
section .data (size_of_data 0x00059400, virtual_address 0x00013000, virtual_size 0x0005a400, entropy 7.9363288588584) description A section with a high entropy has been found
entropy 0.85 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW
  system_name:
  privilege_name: SeShutdownPrivilege
  Status 1, Return 1, Repeated 0
host 185.156.72.39
host 195.154.243.185
Time & API Arguments Status Return Repeated

NtShutdownSystem
  action: 1 (ShutdownReboot)
  Status 0, Return 0
Bkav W32.Common.2D909D08
Lionic Trojan.Win32.Pitou.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.PitouRI.S28786866
Skyhigh BehavesLike.Win32.Generic.gc
McAfee GenericRXHQ-SA!A88A0C4D6E13
Cylance Unsafe
VIPRE Gen:Variant.Lazy.214906
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.214906
K7GW Trojan ( 0051ac701 )
K7AntiVirus Trojan ( 0051ac701 )
Arcabit Trojan.Lazy.D3477A
VirIT Trojan.Win32.Genus.UYL
Symantec ML.Attribute.HighConfidence
Elastic Windows.Generic.Threat
ESET-NOD32 Win32/Pitou.K
APEX Malicious
Avast Win32:Pitou-A [Rtk]
Kaspersky UDS:Trojan.Win32.Generic
Alibaba Trojan:Win32/Pitou.887f0e6d
NANO-Antivirus Trojan.Win32.Pitou.jpbcqi
SUPERAntiSpyware Trojan.Agent/Gen-Crypt
MicroWorld-eScan Gen:Variant.Lazy.214906
Rising Backdoor.Pitou!1.D9BF (CLASSIC)
Emsisoft Gen:Variant.Lazy.214906 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Pitou.17
Zillya Trojan.Pitou.Win32.1743
McAfeeD ti!34214083CE60
Trapmine malicious.high.ml.score
CTX exe.trojan.pitou
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.hehmg
Webroot W32.Trojan.TR.Crypt.XPACK
Google Detected
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Win32.Pitou
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Downloader.oa!s1
Xcitium TrojWare.Win32.TrojanDownloader.Onkods.Q@52urg7
Microsoft Trojan:Win32/Pitou.AC!MTB
ViRobot Trojan.Win.Z.Pitou.431104.A
GData Gen:Variant.Lazy.214906
Varist W32/Pitou.B.gen!Eldorado
AhnLab-V3 Trojan/Win32.Tepfer.R96475
VBA32 Trojan.Pitou
TACHYON Trojan-Dropper/W32.Quphix.431104
DeepInstinct MALICIOUS