Summary | ZeroBOX

presentation.dll

Tags: OS Processor Check, PE32, PE File, DLL

Category: FILE
Machine: s1_win7_x6401
Started: May 6, 2021, 10:36 a.m.
Completed: May 6, 2021, 10:39 a.m.

Size: 857.0KB
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: c54784a2a5c1b33fd4e29b63d39f7f17
SHA256: e1c53b0e0d02d22d90496aa67298086866f78fbe18ee00b17ce4fd1beb0f033c
CRC32: 99666C45
ssdeep: 12288:32a/rAA8VjD83Mmzv5ALfcfvMJ4bXD9eQ4q0I2Z45NVsRso9gB2/j2vPTSy4jvt3:D0PsvIfc8abX14pW5NDQIPqjpqy0
PDB Path: c:\Music_degree\kind\Told\Tool.pdb
Yara
  • IsDLL - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name   Response   Post-Analysis Lookup
No hosts contacted.

IP Address      Status   Action
164.124.101.2   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: c:\Music_degree\kind\Told\Tool.pdb

Time & API   Arguments   Status   Return   Repeated

NtProtectVirtualMemory

process_identifier: 2388
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73782000
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0

NtProtectVirtualMemory

process_identifier: 2388
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d71000
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0

NtProtectVirtualMemory

process_identifier: 2388
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x737c2000
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2388
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00300000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2388
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00310000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2388
region_size: 163840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00320000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1   Return: 0   Repeated: 0

Antivirus             Detection
MicroWorld-eScan      Gen:Variant.Johnnie.329138
FireEye               Gen:Variant.Johnnie.329138
CAT-QuickHeal         Trojan.Wacatac
ALYac                 Gen:Variant.Johnnie.329138
Cylance               Unsafe
Sangfor               Suspicious.Win32.Babar.26409
K7AntiVirus           Trojan ( 0057bb411 )
Alibaba               Trojan:Win32/Kryptik.0dc9e60d
K7GW                  Trojan ( 0057bb411 )
Symantec              Trojan Horse
ESET-NOD32            a variant of Win32/Kryptik.HKQP
Avast                 Win32:Trojan-gen
BitDefender           Gen:Variant.Johnnie.329138
Rising                Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware              Gen:Variant.Johnnie.329138
Sophos                Mal/Generic-S
Comodo                Malware@#2dsuz8gddyd17
VIPRE                 Trojan.Win32.Generic!BT
McAfee-GW-Edition     RDN/Generic.com
Emsisoft              Gen:Variant.Johnnie.329138 (B)
Webroot               W32.Trojan.Gen
Avira                 TR/AD.UrsnifDropper.cducx
MAX                   malware (ai score=80)
Gridinsoft            Trojan.Win32.Kryptik.cc
Microsoft             TrojanSpy:Win32/Ursnif.KC!bit
AegisLab              Trojan.Win32.Johnnie.4!c
GData                 Gen:Variant.Johnnie.329138
Cynet                 Malicious (score: 99)
McAfee                RDN/Generic.com
VBA32                 BScope.TrojanBanker.Gozi
Malwarebytes          Trojan.Ursnif
TrendMicro-HouseCall  TROJ_GEN.R002H0CE321
Ikarus                Trojan.SuspectCRC
Fortinet              W32/PossibleThreat
MaxSecure             Trojan.Malware.117454436.susgen
AVG                   Win32:Trojan-gen
Panda                 Trj/GdSda.A