Summary | ZeroBOX

Men.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File

Category FILE
Machine s1_win7_x6403_us
Started April 28, 2025, 9:17 a.m.
Completed April 28, 2025, 9:24 a.m.
Size 1.8MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 dcee0a6be229f2a1df71c0ca1cf86df6
SHA256 487420dd26047e44f53acd3d3a80ed51d798fa6426ea7d065e7296f6b36692ff
CRC32 CFCCC9D9
ssdeep 24576:FJZWN8ek3jM3HIwlzI2ZG1RSQ3ac1irL8bujtYgidK1XNm:W8ekTM3H7lz7OSQ3a+fgidK1XY
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup

No hosts contacted.

IP Address Status Action

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab

Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  Return -1073741511 (NTSTATUS 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: ntdll exports no wine_get_version, so the sample's Wine check came back negative)  Repeated 0

NtGetContextThread
  thread_handle: 0x00000000000000d4
  Status 1  Return 0  Repeated 0

NtResumeThread
  thread_handle: 0x00000000000000d4
  suspend_count: 1
  process_identifier: 508
  Status 1  Return 0  Repeated 0

(The NtGetContextThread / NtResumeThread pair above, with identical arguments on thread_handle 0x00000000000000d4, appears 4 times in the trace.)

NtGetContextThread
  thread_handle: 0x00000000000000d8
  Status 1  Return 0  Repeated 0

NtResumeThread
  thread_handle: 0x00000000000000d8
  suspend_count: 1
  process_identifier: 508
  Status 1  Return 0  Repeated 0

(The NtGetContextThread / NtResumeThread pair above, with identical arguments on thread_handle 0x00000000000000d8, appears 21 times in the trace.)

Bkav W64.AIDetectMalware
Cynet Malicious (score: 99)
CAT-QuickHeal cld.trojan.win64
Skyhigh Artemis!Trojan
Cylance Unsafe
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKD.76292790
K7GW Trojan ( 005c573e1 )
K7AntiVirus Trojan ( 005c573e1 )
Arcabit Trojan.Generic.D48C22B6
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/Kryptik.GM
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan.Win64.GoInj.aw
Alibaba Trojan:Win64/GoInj.7ec04051
MicroWorld-eScan Trojan.GenericKD.76292790
Rising Trojan.Kryptik!8.8 (CLOUD)
Emsisoft Trojan.GenericKD.76292790 (B)
F-Secure Trojan.TR/Redcap.szxic
DrWeb Trojan.Inject5.25093
TrendMicro TrojanSpy.Win64.LUMMASTEALER.YXFD1Z
McAfeeD ti!487420DD2604
Trapmine suspicious.low.ml.score
CTX exe.trojan.goinj
Sophos Mal/Generic-S
Jiangmin Trojan.Cometer.brw
Google Detected
Avira TR/Redcap.szxic
Antiy-AVL Trojan/Win64.GoInj
Gridinsoft Spy.Win64.Gen.tr
Microsoft Trojan:Win32/Wacatac.B!ml
GData Win64.Trojan.Agent.XRP0XG
Varist W64/ABApplication.DUCE-0954
McAfee Artemis!DCEE0A6BE229
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Ikarus Trojan.Win64.Rozena
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win64.LUMMASTEALER.YXFD1Z
Tencent Win32.Trojan.FalseSign.Cnhl
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Multi/GoInj.ar