Summary | ZeroBOX

download.aspx

Emotet Gen1 Generic Malware ASPack UPX Anti_VM PE64 PE File OS Processor Check PE32 DLL
Category FILE
Machine s1_win7_x6401
Started June 25, 2021, 3:15 p.m.
Completed June 25, 2021, 3:27 p.m.
Size 23.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 465403a9d41d410ba34e029b0831f5d8
SHA256 8fad94268559bd4b13553e6ebcd81f00e6d86e408613cf62af4272309c374a34
CRC32 E2E3F7A3
ssdeep 393216:ecXjuwrSNfTedr5fLN3sKMtEMZcIuT1QdVaABLDE/y7ylRsFQH8:ecXyGmEzN3YfZc8a1kycy
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
jsy.newitboy.com 112.126.77.190
IP Address Status Action
112.126.77.190 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API GetComputerNameW
computer_name: TEST22-PC
Status 1 Return 1 Repeated 0
API GlobalMemoryStatusEx
Status 1 Return 1 Repeated 0
section .gfids
section .giats
resource name AFX_DIALOG_LAYOUT
resource name BINARY
request GET http://jsy.newitboy.com/wllinfo/newoemjsy/oemtianm.txt
API NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72962000
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
API GetDiskFreeSpaceExW
total_number_of_free_bytes: 0
free_bytes_available: 13702705152
root_path: C:\
total_number_of_bytes: 0
Status 1 Return 1 Repeated 0

API GetDiskFreeSpaceExW
total_number_of_free_bytes: 13664350208
free_bytes_available: 13664350208
root_path: C:\
total_number_of_bytes: 34252779520
Status 1 Return 1 Repeated 0
name AFX_DIALOG_LAYOUT language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00428048 size 0x00000002
name BINARY language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0169c97c size 0x0002a800
name RT_CURSOR language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x016c8308 size 0x00000134
name RT_BITMAP language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x016c84f4 size 0x00000144
name RT_ICON language LANG_CHINESE filetype dBase III DBT, version number 0, next free block index 40 sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x016c8638 size 0x00010828
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x016d9220 size 0x00000034
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x016da7cc size 0x0000053e
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\MiniThunderPlatform.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\ThunderFW.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\msvcr71.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\QEMU\libssp-0.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\PECMD.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\bcdedit.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\QEMU\QEMU.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\XLBugReport.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\zlib1.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\minizip.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\7z.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\GDisk.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\xldl.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\msvcp71.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\bootsect.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\fbinst.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\dl_peer_id.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\Etfsboot.com
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\oscdimg.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\QEMU\libpdcurses.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\download_engine.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\atl71.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\XLBugHandler.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\download\MiniTPFw.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\QEMU\SDL.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\QEMU\libz-1.dll
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\UltraISO.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\bootice.exe
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\bootmgr.exe.mui
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\bootmgfw.efi.mui
wmi SELECT * FROM Win32_OperatingSystem WHERE (Csdversion IS NOT NULL)
wmi SELECT * FROM Win32_BaseBoard WHERE (Product IS NOT NULL)
wmi SELECT * FROM Win32_SystemEnclosure
wmi SELECT * FROM Win32_VideoController WHERE (description IS NOT NULL)
wmi SELECT * FROM Win32_Processor WHERE (Name IS NOT NULL)
wmi SELECT * FROM Win32_ComputerSystem WHERE (Model IS NOT NULL)
wmi SELECT * FROM Win32_OperatingSystem WHERE (Caption IS NOT NULL)
section .rsrc virtual_address 0x00427000 virtual_size 0x012b4410 size_of_data 0x012b4600 entropy 7.998913812335768 description A section with a high entropy has been found
entropy 0.813053167781 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\0l50AsnmYC\tools\PECMD.exe
API SetWindowsHookExW
thread_identifier: 0
callback_function: 0x00000000ffcdae10
hook_identifier: 13 (WH_KEYBOARD_LL)
module_address: 0x00000000ffc30000
Status 1 Return 3015215 Repeated 0
K7AntiVirus Riskware ( 0040eff71 )
K7GW Riskware ( 0040eff71 )
APEX Malicious
Avast FileRepMalware
Kaspersky HEUR:Trojan.Win32.Fsysna.gen
McAfee-GW-Edition Artemis
Sophos Generic ML PUA (PUA)
AegisLab Trojan.Win32.Fsysna.4!c
AhnLab-V3 Malware/Gen.Generic.C4212733
McAfee Artemis!465403A9D41D
VBA32 BScope.Trojan.Fsysna
Tencent Win32.Trojan.Fsysna.Pbyy
AVG FileRepMalware
API NtQuerySystemInformation
information_class: 76 (SystemFirmwareTableInformation)
3221225507 0