popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

load.exe

Generic Malware
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 March 11, 2021, 3:43 p.m. March 11, 2021, 3:43 p.m.
Size 284.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5ed271e10ba37319d01d44acd33489a7
SHA256 178fb69c394a6d86a3695acbb025bc2f3be31dea683ee6e5016af0566eef8111
CRC32 0E139FD2
ssdeep 6144:p1fScdMZ+ZaBOwGhLYZnVaGf3aOB3JZAI7:p1K8MZ+ZaZGhLYvaW3asZ
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Generic_Malware_Zero - Generic Malware
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .pegiwan
resource name WEXE
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00954000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2208
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00390000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0002d200', u'virtual_address': u'0x00001000', u'entropy': 6.879192056043289, u'name': u'.text', u'virtual_size': u'0x0002d071'} entropy 6.87919205604 description A section with a high entropy has been found
entropy 0.637809187279 description Overall entropy of this PE file is high
description Code injection with CreateRemoteThread in a remote process rule inject_thread
description Create a windows service rule create_service
description Communications over UDP network rule network_udp_sock
description Listen for incoming communication rule network_tcp_listen
description Communications over P2P network rule network_p2p_win
description Communications over HTTP rule network_http
description File downloader/dropper rule network_dropper
description Communications over FTP rule network_ftp
description Communications over RAW socket rule network_tcp_socket
description Communications use DNS rule network_dns
description Communication using dga rule network_dga
description Escalade priviledges rule escalate_priv
description Take screenshot rule screenshot
description Run a keylogger rule keylogger
description Steal credential rule cred_local
description Record Audio rule sniff_audio
description APC queue tasks migration rule migrate_apc
description Malware can spread east-west using share drive rule spreading_share
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_private_profile
description Affect private profile rule win_files_operation
description Match Winsock 2 API library declaration rule Str_Win32_Winsock2_Library
description Match Windows Inet API library declaration rule Str_Win32_Wininet_Library
description Match Windows Inet API call rule Str_Win32_Internet_API
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Siggen12.33291
MicroWorld-eScan Gen:Variant.Midie.79843
FireEye Generic.mg.5ed271e10ba37319
Qihoo-360 Win32/Trojan.Generic.HwoCztQA
McAfee Packed-GBF!5ED271E10BA3
Malwarebytes Trojan.MalPack.GS
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00578fa11 )
Alibaba Trojan:Win32/Kryptik.cedc735a
K7GW Trojan ( 00578fa11 )
BitDefenderTheta Gen:NN.ZexaF.34608.ry0@aa5uCqlG
Cyren W32/Trojan.PLLC-3292
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Injuke.gen
BitDefender Gen:Variant.Midie.79843
Avast Win32:PWSX-gen [Trj]
Rising Trojan.Kryptik!1.D387 (CLOUD)
Ad-Aware Gen:Variant.Midie.79843
Emsisoft Trojan.Crypt (A)
F-Secure Trojan.TR/Crypt.XPACK.mexwf
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Sophos Mal/Generic-S
Ikarus Trojan-Dropper.Agent
GData Gen:Variant.Midie.79843
ESET-NOD32 a variant of Win32/Kryptik.HJWA
Webroot W32.Trojan.Gen
Avira TR/Crypt.XPACK.mexwf
MAX malware (ai score=100)
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Agent.vb
Arcabit Trojan.Midie.D137E3
ZoneAlarm HEUR:Trojan.Win32.Injuke.gen
Microsoft Trojan:Win32/Azorult.NC!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Hynamer.R371469
ALYac Gen:Variant.Midie.79843
Cylance Unsafe
TrendMicro-HouseCall TROJ_GEN.R002H0CCA21
Tencent Win32.Trojan.Injuke.Taza
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_96%
AVG Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen