Summary | ZeroBOX

INSTALL.EXE

Tags: OS Processor Check, PE32, PE File, DLL

Category: FILE
Machine: s1_win7_x6402
Started: June 24, 2021, 11:49 p.m.
Completed: June 25, 2021, 12:06 a.m.

Size: 580.6KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7415aea4d76ea8d2706a6441be814b03
SHA256: 4a74922eb09b96a1b50236fa2e4c517e9bfde2c7418afaa6de4cbb57301ff2d7
CRC32: 83C1868A
ssdeep: 12288:smOSSPAWkQDl3+ND8hRTScTWYUTKMy/bkqpctmOASvoWKrTq6uRtRmPL:heY1QDlqD8hvT6ThyTkgctmO4WR6Ei
PDB Path: H:\source\source.YV\80306\Release_wdautoex_9\WX\Desktop_x86_32\Release\WdAutoEx.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)

DNS lookups (Name -> Response):
  aerociel.net -> 195.154.41.36

Post-Analysis Lookup (IP Address / Status / Action):
  164.124.101.2   Active   Moloch
  172.217.25.14   Active   Moloch
  195.154.41.36   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

IsDebuggerPresent
  0 0

pdb_path: H:\source\source.YV\80306\Release_wdautoex_9\WX\Desktop_x86_32\Release\WdAutoEx.pdb

Time & API / Arguments / Status / Return / Repeated

GlobalMemoryStatusEx
  Status: 1, Return: 1, Repeated: 0

resource name: INFOWDZ
request: GET http://aerociel.net/Aerociel/INSTALL/INSTALL.ZIP

Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory
  process_identifier: 3360
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73772000
  process_handle: 0xffffffff
  Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory
  process_identifier: 5272
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73772000
  process_handle: 0xffffffff
  Status: 1, Return: 0, Repeated: 0
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260xml.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260mat.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260vm.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260zip.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260obj.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260com.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260pnt.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260trs.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\WDMetabase.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260hf.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260ole.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260sql.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260std.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\WDSetup.EXE
file C:\Users\test22\AppData\Local\Temp\WD_9ABA.tmp\INSTALL.EXE
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260uni.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260mdl.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260std.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260mat.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260zip.dll
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp\wd260ole.dll
host 172.217.25.14
file C:\Users\test22\AppData\Local\Temp\WDA161.tmp
file C:\Users\test22\AppData\Local\Temp\WD_9ABA.tmp