Report - ChromeUpdate.exe

Poorweb PE File PE32
Created 2025.03.26 15:44 Machine s1_win7_x6401
Filename ChromeUpdate.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score
7
Behavior Score
2.4
ZERO API file : malware
VT API (file) 59 detected (AIDetectMalware, Dump, Malicious, score, Ghanarava, Mint, Zamg, Unsafe, Save, confidence, Ransomware, Rultazo, moderate confidence, Kryptik, GPFY, Gandcrab, Chapak, byhu, fmprui, CLOUD, AGEN, MulDrop9, R002C0CAR25, Real Protect, moderate, Static AI, Malicious PE, Detected, Azden, PB@8fhzsu, Zbot, Artemis, BScope, Fuery, GdSda, Gencirc, GenAsa, WF+i2Ld6dJI, SelfLoader, susgen, GPMP, AJH2XJC)
md5 168e78a7154b2453627f5ca82e9ccced
sha256 d311d65ddc8477c84bd77baa9606980515962231ea048e6c65d3d9b1bc527464
ssdeep 1536:xkUWKUdv3CFSZeDzHLCepBZC6ZqByD9zY+6QKyxpPBUovMaZw4:xTFUdEUeDzH5ZCGp98+SYJUod9
imphash 60fb7881a24261de66da7b0e94e99a33
impfuzzy 3:FBdlAWBJAEPw1MO/OywS9KTXzhAXwEQaxRYNLbW6ISeWAGXyBV3n:FBdlFBJAEoZ/OEGDzyRMbuSzyBV3n

Signature (4 counts)

Level Description
danger File has been identified by 59 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX

Rules (3 counts)

Level Name Description Collection
danger Poorweb_Zero Poorweb binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

GDI32.dll
 0x43b2d0 EndDoc
KERNEL32.DLL
 0x43b2d8 LoadLibraryA
 0x43b2dc ExitProcess
 0x43b2e0 GetProcAddress
 0x43b2e4 VirtualProtect
SHELL32.dll
 0x43b2ec ShellAboutW
USER32.dll
 0x43b2f4 EndPaint

EAT (Export Address Table) is none