popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

1.exe

PE32 PE File DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 June 4, 2021, 9:27 p.m. June 4, 2021, 9:29 p.m.
Size 7.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b834105299960cc2b86ce33cce8c14ce
SHA256 e1f488d2df89a83e5cd86b0010c6acb2bcf41bb1eb2e1e61666089d21b0754f2
CRC32 39C36F42
ssdeep 196608:MGM54VhbYqevfDkpmtNnNOBpBu8QEXmY9UaR9OlwTu:MzOVhnevfggvma8QEWYGa5u
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73771000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74441000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72da4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10021000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x756a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02414000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 4564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73ef1000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\GL_39D.EXE
file C:\Users\test22\AppData\Local\Temp\GL_39D.EXE
host 172.217.25.14
CAT-QuickHeal Pwstool.Cain
ALYac Misc.HackTool.CainAbel
Cylance Unsafe
Alibaba RiskWare:Win32/MalwareF.e3c55830
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Application.Hacktool.Cain.A
Cyren W32/Risk.NBBP-5279
Symantec CainAbel
Avast Win32:PUP-gen [PUP]
Kaspersky not-a-virus:PSWTool.Win32.Cain.284
BitDefender Application.Hacktool.Cain.A
NANO-Antivirus Riskware.Win32.Cain.ddjbga
AegisLab Riskware.Win32.Cain.1!c
Sophos Cain n Abel Installer (PUA)
Comodo ApplicUnwnt@#jbalh0ylsnmr
DrWeb Tool.Cain.71
VIPRE Cain & Abel (not malicious)
TrendMicro SPYW_CAIN
FireEye Generic.mg.b834105299960cc2
Emsisoft Application.Hacktool.Cain.A (B)
Ikarus PUA.CainAbel
Jiangmin PSWTool.Cain.c
Avira SPR/Tool.HackTool.Cain.A.1
eGambit Generic.Malware
Gridinsoft Virtool.Win32.Cain.vb
Microsoft PUA:Win32/Cain
ViRobot PSWTool.Cain.7573628
ZoneAlarm Packed.Multi.SuspiciousPacker.gen
GData Application.Hacktool.Cain.A
Cynet Malicious (score: 99)
Malwarebytes Malware.AI.4189161265
TrendMicro-HouseCall SPYW_CAIN
Rising Malware.Undefined!8.C (CLOUD)
AVG Win32:PUP-gen [PUP]
Cybereason malicious.299960