Summary | ZeroBOX

win.com

Gen1 Antivirus
Category FILE
Machine s1_win7_x6401
Started April 12, 2021, 10:40 a.m.
Completed April 12, 2021, 10:46 a.m.
Size 1003.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 73e9a221cc6f41c56c6664e9d0ca0ced
SHA256 319e0b72717f820b8972fd543e2584072efa741cd66e594b155a939575a7ffb3
CRC32 EEDCC5DA
ssdeep 24576:rmoO8itEqfZK4cC/1rx0D3r7hSHZKhKF3cgOWndEmjVbna/7V/l:qvZrtgk5+KirWndPVMRl
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • Antivirus - Contains references to security software
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.
Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
section .gfids
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory

process_identifier: 2244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b62000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
file C:\Windows (x86)\KBDMLT48.DLL
file C:\Windows (x86)\KBDBE.DLL
file C:\Windows (x86)\KBDCZ1.DLL
file C:\Windows (x86)\TRACERT.EXE
file C:\Windows (x86)\KBDMONST.DLL
file C:\Windows (x86)\KBDMYAN.DLL
file C:\Windows (x86)\KBDAZST.DLL
file C:\Windows (x86)\KBDNTL.DLL
file C:\Windows (x86)\KBDA2.DLL
file C:\Windows (x86)\KBDBENE.DLL
file C:\Windows (x86)\icmp.dll
file C:\Windows (x86)\KBDINDEV.DLL
file C:\Windows (x86)\asferror.dll
file C:\Windows (x86)\kbdgeoer.dll
file C:\Windows (x86)\KBDPASH.DLL
file C:\Windows (x86)\KBDBR.DLL
file C:\Windows (x86)\tier2punctuations.dll
file C:\Windows (x86)\KBDLT.DLL
file C:\Windows (x86)\KBDHU.DLL
file C:\Windows (x86)\KBDSMSFI.DLL
file C:\Windows (x86)\KBDUKX.DLL
file C:\Windows (x86)\kbdax2.dll
file C:\Windows (x86)\KBDFR.DLL
file C:\Windows (x86)\KBDYCC.DLL
file C:\Windows (x86)\KBDINBE1.DLL
file C:\Windows (x86)\kbd101a.dll
file C:\Windows (x86)\KBDTUF.DLL
file C:\Windows (x86)\KBDBLR.DLL
file C:\Windows (x86)\KBDTUQ.DLL
file C:\Windows (x86)\KBDFTHRK.DLL
file C:\Windows (x86)\KBDIBO.DLL
file C:\Windows (x86)\kbd106.dll
file C:\Windows (x86)\KBDLT2.DLL
file C:\Windows (x86)\KBDTH3.DLL
file C:\Windows (x86)\KBDIT142.DLL
file C:\Windows (x86)\KBDSL1.DLL
file C:\Windows (x86)\KBDRU.DLL
file C:\Windows (x86)\KBDUSL.DLL
file C:\Windows (x86)\KBDJAV.DLL
file C:\Windows (x86)\KBDMACST.DLL
file C:\Windows (x86)\KBDUSX.DLL
file C:\Windows (x86)\KBDDV.DLL
file C:\Windows (x86)\kbdgeoqw.dll
file C:\Windows (x86)\KBDMAORI.DLL
file C:\Windows (x86)\KBDLV1.DLL
file C:\Windows (x86)\KBDINUK2.DLL
file C:\Windows (x86)\KBDINASA.DLL
file C:\Windows (x86)\KBDINORI.DLL
file C:\Windows (x86)\KBDIR.DLL
file C:\Windows (x86)\msafd.dll
Antivirus Vendor / Detection
Bkav W32.AIDetect.malware2
MicroWorld-eScan Trojan.GenericKD.36678707
McAfee Artemis!73E9A221CC6F
Sangfor Suspicious.Win32.Artemis.73E9A221CC6F
CrowdStrike win/malicious_confidence_80% (W)
BitDefender Trojan.GenericKD.36678707
Avast FileRepMalware
Ad-Aware Trojan.GenericKD.36678707
Sophos Generic ML PUA (PUA)
McAfee-GW-Edition BehavesLike.Win32.AdwareLinkury.fc
FireEye Trojan.GenericKD.36678707
Emsisoft Trojan.GenericKD.36678707 (B)
APEX Malicious
Webroot W32.Trojan.Gen
Arcabit Trojan.Generic.D22FAC33
GData Trojan.GenericKD.36678707
VBA32 Win32.Malware.Dropper.Heur
MaxSecure Win.MxResIcn.Heur.Gen
AVG FileRepMalware