Summary | ZeroBOX

yourlocallotto.exe

Tags: PE32, PE File, DLL
Category: FILE
Machine: s1_win7_x6402
Started: May 3, 2021, 4:47 p.m.
Completed: May 3, 2021, 5:04 p.m.
Size: 206.1KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7564bb42086def493a6e8f27bf923647
SHA256: a3c26859ace3885b7226ca185e922a78725603d81a0a9e6bc1ec69a2d83435cb
CRC32: BC004156
ssdeep: 1536:c2DSHGSEqH9DYaeSS3d5he/09YAn/MmVrYemI3AErUrlE0jUc2kNSDeBD/HaOGWo:c2KGcRmV5b9YEVknI31SEUUeN2eZxZJu
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup): no hosts contacted.

Hosts (IP Address / Status / Action):
172.217.25.14  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (columns: Time & API, Arguments, Status, Return, Repeated)

IsDebuggerPresent
  0 0

GlobalMemoryStatusEx
  1 1 0
resource name PART
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10014000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x765b1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e80000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73771000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73861000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72da4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e01000
process_handle: 0xffffffff
1 0 0
Files:
  C:\Program Files (x86)\yourlocallotto1_20EI\Installr\1.bin\20EZSETP.dll
  C:\Program Files (x86)\yourlocallotto1_20EI\Installr\1.bin\NP20EISb.dll
  C:\Program Files (x86)\yourlocallotto1_20EI\Installr\1.bin\20EIPlug.dll
Host: 172.217.25.14
Antivirus results

Vendor                Detection
Bkav                  W32.HfsAdware.1166
CAT-QuickHeal         PUA.Mindsparki1.Gen
Malwarebytes          PUP.Optional.MindSpark
Zillya                Adware.MyWebSearch.Win32.2684
Baidu                 Win32.Trojan.WisdomEyes.151026.9950.9996
F-Prot                W32/MyWeb.G
ESET-NOD32            Win32/AdInstaller potentially unwanted
TrendMicro-HouseCall  TROJ_SPNR.0EI513
Avast                 Win32:FunWeb-J [PUP]
ClamAV                Win.Adware.Mywebsearch-219
Kaspersky             not-a-virus:WebToolbar.Win32.MyWebSearch.rh
NANO-Antivirus        Riskware.Win32.WebSearch.dbxdjn
ViRobot               Adware.MyWebSearch.211008.C[h]
SUPERAntiSpyware      PUP.AdInstaller
Rising                Trjoan.Generic-xQZSKt3K8GV (Cloud)
Sophos                Generic PUA MH (PUA)
DrWeb                 Trojan.MulDrop6.40078
VIPRE                 MyWebSearch.J (v) (not malicious)
TrendMicro            TROJ_SPNR.0EI513
Cyren                 W32/MyWeb.YEIO-7739
Antiy-AVL             RiskWare[WebToolbar]/Win32.MyWebSearch.rh
Arcabit               PUP.WebToolbar.MyWebSearch
AegisLab              Webtoolbar.W32.Gen!c
AhnLab-V3             PUP/Win32.FunWeb
GData                 Win32.Adware.Mindspark.E
TotalDefense          Win32/Tnega.GaNNPfC
AVware                MyWebSearch.J (v)
Tencent               Win32.Trojan.Falsesign.Aguu
Yandex                PUA.Toolbar.MyWebSearch!
Fortinet              Riskware/MyWebSearch
AVG                   AdInstaller.FunWeb
Baidu-International   Adware.Win32.MyWebSearch.bQ
Qihoo-360             Trojan.Generic