PUP.NetBox

Analysis Report

General information

Family Name: PUP.NetBox
Signature status: No Signature

Known Samples

MD5: f02505ec4338669f48743a4d570c1f8a
SHA1: b3b9c7999288a37a96328dc8af66edf436056b8e
SHA256: 1265209C0E63C30E570F39E56BFAB23AFFA8D2560ED99DF77AD3760A54B99D1F
File Size: 648.82 KB, 648824 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Description: Powered by NetBox
File Version: 2, 8, 4128, 0
Legal Copyright: Copyright (C) 2003 ZYDSoft Corp.
Net Box Homepage: http://www.netbox.cn
Product Version: 2, 8, 4128, 0
Release Date Time: Dec 02 01:52:57 2004

File Traits

  • 2+ executable sections
  • HighEntropy
  • x86

Block Information

Total Blocks: 2
Potentially Malicious Blocks: 0
Whitelisted Blocks: 1
Unknown Blocks: 1

Visual Map

0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File: \device\namedpipe\srvsvc
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data

File: \device\namedpipe\wkssvc
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Network Winsock2
  • WSAStartup
Encryption Used
  • CryptAcquireContext
Network Wininet
  • InternetSetOption
