Summary | ZeroBOX

sisifo_setup.exe

PE32 PE File DLL
Category: FILE
Machine: s1_win7_x6401
Started: May 19, 2021, 1:47 p.m.
Completed: May 19, 2021, 1:51 p.m.
Size 3.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 b585c637138be59df2b8b1e5fa4b112b
SHA256 23f0773287113f4998ba365e9928dafb0eb87ce7ccb97260d7c0e2a8fe38cc03
CRC32 15B73417
ssdeep 98304:FzqXXC79pjuyKZMgKZZJOLGqoTZu4FA8osG:kXS7/u3ZMgKhampFHo
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 164.124.101.2, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1, Return: 1, Repeated: 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73731000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74e51000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72801000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72721000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x726e4000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72722000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x756a1000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
file C:\Users\test22\AppData\Local\Temp\nsr6616.tmp\InstallOptions.dll
Bkav W32.AIDetectGBM.malware.02
MicroWorld-eScan Trojan.GenericKD.41750562
FireEye Trojan.GenericKD.41750562
McAfee Artemis!B585C637138B
Cylance Unsafe
Zillya Trojan.Stealer.Win32.7987
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanSpy:Win32/Stealer.ad0b3c0b
K7GW Riskware ( 0040eff71 )
Cybereason malicious.7138be
Arcabit Trojan.MSILPerseus.D32547, Trojan.Bulz.D30D40
BitDefenderTheta Gen:NN.ZemsilCO.34574.ciW@aOSXh4o
Cyren W32/Trojan.WVEV-5110
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender Trojan.GenericKD.41750562
NANO-Antivirus Trojan.Win32.Stealer.ibghvw
Comodo Malware@#188nw32dq183q
F-Secure Trojan.TR/Spy.Stealer.kpgxf
TrendMicro TROJ_GEN.R067C0PKA20
McAfee-GW-Edition RDN/Generic PWS.y
Emsisoft Trojan.GenericKD.41750562 (B)
Avira TR/Spy.Stealer.kpgxf
MAX malware (ai score=87)
Antiy-AVL Trojan[Spy]/MSIL.Stealer
Gridinsoft Ransom.Win32.Wacatac.oa!s5
Microsoft Trojan:Win32/Wacatac.B!ml
AegisLab Trojan.MSIL.Stealer.l!c
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
GData Gen:Variant.Bulz.200000
Cynet Malicious (score: 85)
ALYac Gen:Variant.Bulz.200000
Malwarebytes Generic.Malware/Suspicious
TrendMicro-HouseCall TROJ_GEN.R067C0PKA20
Tencent Msil.Trojan-spy.Stealer.Pfiz
Fortinet W32/Stealer!tr
AVG Win32:Malware-gen
Panda Trj/CI.A
Qihoo-360 Win32/TrojanSpy.Generic.HoMASOkA