Summary | ZeroBOX

4c52e55f-198a-4fb0-aa95-07f706c534e5

Tags: Gen1, Generic Malware, Malicious Library, UPX, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6403_us
Started: May 4, 2025, 12:41 p.m.
Completed: May 4, 2025, 12:55 p.m.

Size: 1.2MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 17ddbfa8a1a8867d6806426ebb55de88
SHA256: 7e1020a778f66263ac7db020a088001dd52105c58af178af050b58c516cf6aef
CRC32: EF0A897E
ssdeep: 24576:/QBrDZNBpy9p/uGnNVJWA6E1KzfHRkqL8erhI3G9AW6OaX:oBPURuGNVJWA62Kz+6lrhI29H6
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Sections: .B1, .gxfg, .retplne, _RDATA, .jss
Time & API: __exception__
Arguments:

stacktrace:

exception.instruction_r: 44 0f b7 01 44 2b c0 75 19 48 2b ca 66 85 c0 74
exception.symbol: 4c52e55f-198a-4fb0-aa95-07f706c534e5+0xb0137
exception.instruction: movzx r8d, word ptr [rcx]
exception.module: 4c52e55f-198a-4fb0-aa95-07f706c534e5.exe
exception.exception_code: 0xc0000005
exception.offset: 721207
exception.address: 0x13f7f0137
Status: 1, Return: 0, Repeated: 0

section .text: virtual_address 0x00001000, virtual_size 0x000bf460, size_of_data 0x000bf600, entropy 7.064664577798212 (description: A section with a high entropy has been found)
section .B1: virtual_address 0x000d7000, virtual_size 0x00003932, size_of_data 0x00003a00, entropy 6.92663896484155 (description: A section with a high entropy has been found)
section .jss: virtual_address 0x000e1000, virtual_size 0x00055e00, size_of_data 0x00055e00, entropy 7.999487583039846 (description: A section with a high entropy has been found)
entropy 0.932365145228 (description: Overall entropy of this PE file is high)
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Lumma.1u!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.174626470655de88
Skyhigh BehavesLike.Win64.VirusWinExpiro.tc
ALYac Gen:Variant.Lazy.676115
Cylance Unsafe
VIPRE Gen:Variant.Lazy.676115
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.676115
K7GW Trojan ( 005c55e51 )
K7AntiVirus Trojan ( 005c55e51 )
Arcabit Trojan.Lazy.DA5113
VirIT Trojan.Win64.Agent.IAC
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.FAN
APEX Malicious
Avast Win64:MalwareX-gen [Cryp]
Kaspersky Trojan-PSW.Win32.Lumma.jya
Alibaba Trojan:Win64/Kryptik.7a208003
MicroWorld-eScan Gen:Variant.Lazy.676115
Rising Trojan.ShellCodeLoader!1.12B08 (CLASSIC)
Emsisoft Gen:Variant.Lazy.676115 (B)
F-Secure Trojan.TR/Kryptik.embsl
DrWeb Trojan.PWS.Lumma.2549
Zillya Trojan.Kryptik.Win64.57040
TrendMicro Trojan.Win64.AMADEY.YXFDKZ
McAfeeD ti!7E1020A778F6
Trapmine suspicious.low.ml.score
CTX exe.trojan.lumma
Sophos Troj/Krypt-AQA
Jiangmin Trojan.PSW.Lumma.hf
Webroot Win.Trojan.Lumma
Google Detected
Avira TR/Kryptik.embsl
Antiy-AVL Trojan[PSW]/Win32.Lumma
Kingsoft malware.kb.a.995
Xcitium Malware@#30z6g4o7axark
Microsoft Trojan:Win64/LummaStealer.SJOP!MTB
ZoneAlarm Troj/Krypt-AQA
GData Gen:Variant.Lazy.676115
Varist W64/Agent.NGBE
AhnLab-V3 Trojan/Win.LummaStealer.R699990
McAfee Artemis!17DDBFA8A1A8
DeepInstinct MALICIOUS
VBA32 TrojanPSW.Lumma
Malwarebytes Crypt.Trojan.MSIL.DDS
Ikarus Trojan.Win64.Crypt