Summary | ZeroBOX

VisualCode.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6403_us
Started: April 28, 2025, 9:06 a.m.
Completed: April 28, 2025, 9:09 a.m.
Size 1.1MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 9048722b3619d93180d5b39e7fade577
SHA256 dc411841c3a1714fba35a1535d8563869b6ec3fc1cb87a9f56d057657a546077
CRC32 6A59ED66
ssdeep 12288:4DWOW9ap2T07ZoCb5OlkmH5P2GMSr7CyzKQqPKqbCqu6Bhyia1k0lh3Il8fRkZEL:H8pYtCK2GWdKE00oRk+tpnCJ
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP traffic (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Notable PE sections: .B5, .gxfg, .retplne, _RDATA, .jss

Behavioral analysis (Time & API / Arguments / Status / Return / Repeated)

__exception__

stacktrace:
visualcode+0xc85e3 @ 0x13fe785e3
visualcode+0xb2d0 @ 0x13fdbb2d0
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: visualcode+0xc85e3
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: VisualCode.exe
exception.exception_code: 0xc0000005
exception.offset: 820707
exception.address: 0x13fe785e3
registers.r14: 0
registers.r15: 0
registers.rcx: 110
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 7929600
registers.r11: 1
registers.r8: 1
registers.r9: 1
registers.rdx: 5367231924
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 75
registers.r13: 0
1 0 0
section .text: size_of_data 0x000dd200, virtual_address 0x00001000, virtual_size 0x000dd176, entropy 7.037687219979947; description: A section with a high entropy has been found
section .B5: size_of_data 0x00005000, virtual_address 0x000f6000, virtual_size 0x00004f53, entropy 6.925663335742442; description: A section with a high entropy has been found
section .jss: size_of_data 0x00022600, virtual_address 0x00101000, virtual_size 0x00022600, entropy 7.998773203112042; description: A section with a high entropy has been found
entropy 0.920494699647 description Overall entropy of this PE file is high
Antivirus detections (Vendor / Result):
Skyhigh BehavesLike.Win64.VirusWinExpiro.tc
McAfee Artemis!9048722B3619
Cylance Unsafe
VIPRE Gen:Variant.Lazy.676115
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.676115
Arcabit Trojan.Lazy.DA5113
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.FAZ
APEX Malicious
Avast MalwareX-gen [Pws]
Kaspersky UDS:Trojan-PSW.Win32.Vidar.dsc
Alibaba Trojan:Win64/Kryptik.d1d44004
MicroWorld-eScan Gen:Variant.Lazy.676115
Rising Stealer.Lumma!8.177F6 (TFE:5:4XSOvUQ4zMB)
Emsisoft Gen:Variant.Lazy.676115 (B)
F-Secure Trojan.TR/Kryptik.djiea
McAfeeD ti!DC411841C3A1
CTX exe.trojan.lumma
Sophos Mal/Generic-S
Webroot Win.Infostealer.Lumma
Google Detected
Avira TR/Kryptik.djiea
Antiy-AVL Trojan[PSW]/Win32.Lumma
Kingsoft malware.kb.a.969
Gridinsoft Trojan.Win64.Kryptik.sa
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Lazy.676115
AhnLab-V3 Trojan/Win.Generic.R701596
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3163381849
Ikarus Trojan.Win64.Crypt
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9Z
huorong HEUR:Trojan/Agent.dc
Fortinet W64/GenKryptik.NQ!tr
AVG MalwareX-gen [Pws]
Paloalto generic.ml
alibabacloud Trojan[stealer]:Win/Wacatac.B9nj