Summary | ZeroBOX

포트폴리오_210628(경력사항도 같이 기재하였습니다 잘 부탁드립니다).exe

PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6401 July 2, 2021, 3:08 p.m. July 2, 2021, 3:11 p.m.
Size 847.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 586d6732d8c8d4045b05276f2a0cbf53
SHA256 ad534790700a9daa5fda6452692590e5e8c86d6a86aec0110822d0b54a6c21d9
CRC32 CD119732
ssdeep 24576:NmSo/l/4X2EM3GdNsFiKZqzYvqi/NmZrRV/tJ:NcaXNM2PBKZAsAZrRVVJ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x766fd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x766f964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x766e4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x766e6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x766ee825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x766e6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x766e5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x766e49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x766e5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x773d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x773f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x773f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x75737a25
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x76713ef4
registers.esp: 1637240
registers.edi: 0
registers.eax: 42371472
registers.ebp: 1637268
registers.edx: 1
registers.ebx: 0
registers.esi: 5853872
registers.ecx: 1920873948
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729c2000
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37164865
ALYac Trojan.Ransom.Makop
Sangfor Trojan.Win32.DelShad.gen
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelShad.e5934532
K7GW Riskware ( 0040eff71 )
Cybereason malicious.170807
Arcabit Trojan.Generic.D2371741
Symantec Downloader
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Ransom.Win32.Cryptor.gen
BitDefender Trojan.GenericKD.37164865
Avast Win32:NSISDropper-B [Drp]
Ad-Aware Trojan.GenericKD.37164865
Emsisoft Trojan.GenericKD.37164865 (B)
DrWeb Trojan.Siggen14.19488
McAfee-GW-Edition BehavesLike.Win32.AdwareAdload.cc
FireEye Generic.mg.586d6732d8c8d404
Sophos Mal/Generic-R + Troj/Ransom-GIF
Gridinsoft Ransom.Win32.Wacatac.sa
AegisLab Trojan.Win32.DelShad.4!c
ZoneAlarm HEUR:Trojan-Ransom.Win32.Cryptor.gen
GData Trojan.GenericKD.37164865
Cynet Malicious (score: 100)
AhnLab-V3 Ransomware/Win.MakopRansom.C4537699
McAfee RDN/Ransom
VBA32 Trojan.DelShad
Malwarebytes Ransom.Oled
Rising Trojan.Injector/NSIS!1.BFBB (CLASSIC)
Yandex Trojan.Slntscn24.bVVB1s
Fortinet NSIS/Injector.777B!tr.ransom
AVG Win32:NSISDropper-B [Drp]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_90% (W)
Qihoo-360 Win32/TrojanDropper.Generic.HyoDQ8wA