Summary | ZeroBOX

inst77player_1.0.0.1.exe

PE32 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6401 June 5, 2021, 9:39 p.m. June 5, 2021, 9:42 p.m.
Size 281.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 5c71794e0bfd811534ff4117687d26e2
SHA256 f5740aded1f401665ab8bde43afee5dc0b01aa8aacabe9b8bb61b1ef52134a39
CRC32 03D49F7B
ssdeep 6144:urlwH4rQ6Q1pyu6r0eT1CS2a1zd6zEPLOJl7yeMuVLot:R4ULa0eTWcLO4uw
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1868
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729c2000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsf6098.tmp\InstallOptions.dll
Time & API Arguments Status Return Repeated

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\òÐòÐÎåÏßÆײ¥·ÅÆ÷
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\￲￐￲￐ᅫ¥ᅬ￟ᅥᅲᄇᆬ얘ᅥ￷
2 0