Summary | ZeroBOX

b8a29f25-f7f4-4b8f-9e0f-17fb849255b5

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check
Category: FILE
Machine: s1_win7_x6403_us
Started: May 6, 2025, 9:34 p.m.
Completed: May 6, 2025, 9:36 p.m.
Size 584.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 44fd76204dcaf60f12a9067ea19ff727
SHA256 09822446e89d4a19fb638ea05fe85eb6f02976aa3db8f85aa1e359a6963cec2a
CRC32 62A913C7
ssdeep 12288:1AJvsvm4soaUtcLZAZsr8MAOStuoWhWIdiqMJsxL/z0zkXmYHrVTF4:GwUXFsSTdinsxX0zk/Hr9a
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address (Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .BSS
section .gxfg
section .retplne
section _RDATA
section .cSs
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
b8a29f25-f7f4-4b8f-9e0f-17fb849255b5+0x1ab87 @ 0x13f70ab87
b8a29f25-f7f4-4b8f-9e0f-17fb849255b5+0xc126 @ 0x13f6fc126
b8a29f25-f7f4-4b8f-9e0f-17fb849255b5+0x3a009 @ 0x13f72a009
b8a29f25-f7f4-4b8f-9e0f-17fb849255b5+0x15af2 @ 0x13f705af2
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: b8a29f25-f7f4-4b8f-9e0f-17fb849255b5+0x1ab87
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: b8a29f25-f7f4-4b8f-9e0f-17fb849255b5.exe
exception.exception_code: 0xc0000005
exception.offset: 109447
exception.address: 0x13f70ab87
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2948192
registers.r11: 1649342465
registers.r8: 1
registers.r9: 1649342464
registers.rdx: 5359402822
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
1 0 0
section .text: size_of_data 0x00028400, virtual_address 0x00001000, virtual_size 0x00028215, entropy 6.959868801291911 (A section with a high entropy has been found)
section .cSs: size_of_data 0x0005a800, virtual_address 0x00040000, virtual_size 0x0005a800, entropy 7.999486512047219 (A section with a high entropy has been found)
Overall entropy of this PE file is high: 0.897084048027
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Lumma.1u!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ghanarava.17464664709ff727
Skyhigh BehavesLike.Win64.VirusWinExpiro.hc
ALYac Gen:Variant.Lazy.674883
Cylance Unsafe
VIPRE Gen:Variant.Lazy.674883
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.674883
K7GW Trojan ( 005c50ab1 )
K7AntiVirus Trojan ( 005c50ab1 )
Arcabit Trojan.Lazy.DA4C43
VirIT Trojan.Win64.Genus.HZV
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.EZV
APEX Malicious
Avast Win64:MalwareX-gen [Cryp]
ClamAV Win.Packed.Tedy-10044025-0
Kaspersky Trojan-PSW.Win32.Lumma.izx
Alibaba TrojanPSW:Win32/Lumma.726bc5c6
NANO-Antivirus Trojan.Win64.Lumma.kwvnup
MicroWorld-eScan Gen:Variant.Lazy.674883
Rising Backdoor.DcRat!8.129D9 (TFE:1:OfHhlSV0GZG)
Emsisoft Gen:Variant.Lazy.674883 (B)
F-Secure Trojan.TR/Kryptik.ahxon
DrWeb Trojan.PWS.Lumma.2337
Zillya Trojan.Kryptik.Win64.57004
McAfeeD ti!09822446E89D
CTX exe.trojan.kryptik
Sophos Troj/Krypt-AQA
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Generic.huiei
Webroot Win.Malware.Gen
Google Detected
Avira TR/Kryptik.ahxon
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft malware.kb.a.987
Gridinsoft Ransom.Win64.TrickBot.oa!s1
Xcitium Malware@#35ic7aqfsggqk
Microsoft Trojan:Win64/LummaC.AM!MTB
ZoneAlarm Troj/Krypt-AQA
GData Gen:Variant.Lazy.674883
Varist W64/ABTrojan.IJYQ-5608
AhnLab-V3 Trojan/Win.Kryptik.R699257
McAfee ACL/Generic.JCTH
DeepInstinct MALICIOUS
VBA32 TrojanPSW.Win64.Lumma