Summary | ZeroBOX

poploader-2.exe

Category FILE
Machine s1_win7_x6402
Started April 6, 2021, 4:38 p.m.
Completed April 6, 2021, 4:40 p.m.
Size 661.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ce7d134fdcc4b4f44a279dc959886c9e
SHA256 010cc8cdd8f6c896454526cd5300c01a1aa9328810095b385026fe3995696d09
CRC32 CDC2767A
ssdeep 12288:aX7BhiCASPcUnyizx9IWzZGB+VusVOmpDNpybkc0a08YiHaQQ+uO7d:atJ3nyi8PspdBpi/tYiHr
PDB Path e:\ZM_Project\KuaiZip\bin\Release\X86\poploader.pdb
Yara
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path e:\ZM_Project\KuaiZip\bin\Release\X86\poploader.pdb
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0009d6c8 size 0x00000468
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0009dba8 size 0x00000076
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0009dc20 size 0x00000250
Time & API Arguments Status Return Repeated
ShellExecuteExW
  show_type: 0
  filepath_r: \X86\KZReport.exe
  parameters:
  filepath: \X86\KZReport.exe
0 0
host 172.217.25.14
Bkav W32.HfsAdware.C51A
DrWeb Program.Kuaizip.1
FireEye Generic.mg.ce7d134fdcc4b4f4
CAT-QuickHeal Trojan.Sigmal.S2722134
McAfee Artemis!CE7D134FDCC4
Cylance Unsafe
Zillya Adware.KuaiZip.Win32.83
SUPERAntiSpyware Adware.KuaiZip/Variant
K7AntiVirus Unwanted-Program ( 005323b41 )
Alibaba Backdoor:Win32/KZip.72453b99
K7GW Unwanted-Program ( 005323b41 )
Invincea heuristic
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/KuaiZip.Q potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002H0CJN19
Kaspersky not-a-virus:HEUR:AdWare.Win32.KuaiZip.gen
NANO-Antivirus Riskware.Win32.KuaiZip.fuxvpb
Comodo Malware@#3mmi1ad7zmwl2
F-Secure Backdoor.BDS/Backdoor.Gen
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Artemis!PUP
Sophos Generic PUA DA (PUA)
Ikarus Backdoor.Backdoor
Jiangmin AdWare.KuaiZip.s
Webroot W32.Trojan.Gen
Avira BDS/Backdoor.Gen
MAX malware (ai score=95)
Antiy-AVL Trojan/Win32.TSGeneric
Microsoft PUA:Win32/KuaiZip
Endgame malicious (high confidence)
ZoneAlarm not-a-virus:HEUR:AdWare.Win32.KuaiZip.gen
AhnLab-V3 PUP/Win32.KuaiZip.C2266796
VBA32 BScope.Adware.KuaiZip
Rising PUF.KuaiZip!8.2F40 (TFE:5:641NX91xg6U)
Yandex Riskware.Agent!
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/KuaiZip
MaxSecure Trojan.Malware.73376928.susgen
AVG FileRepMalware
CrowdStrike win/malicious_confidence_60% (D)