Summary | ZeroBOX

app.dll

Tags: Generic Malware, OS Processor Check, PE32, PE File, DLL
Category FILE
Machine s1_win7_x6401
Started July 9, 2021, 6:15 p.m.
Completed July 9, 2021, 6:26 p.m.
Size 445.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f3be390b01c85970deeae124ca36ce2d
SHA256 4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce
CRC32 F9565911
ssdeep 12288:AmYDWUbdfyU+H93bJ3aBGQIuSR35F5VBpx:yBbdfJsJqBG5VB/
PDB Path c:\Reply-quite\Cry_Country\523\Gave\Color\shape.pdb
Yara
  • Generic_Malware_Zero - Generic Malware
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • PE_Header_Zero - PE File Signature

IP Address Status Action
164.124.101.2 Active Moloch
165.232.183.49 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name:
0 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name:
0 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name:
0 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name:
0 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
pdb_path c:\Reply-quite\Cry_Country\523\Gave\Color\shape.pdb
request GET http://gtr.antoinfer.com/84nY4wtJBmCucm9DepJToo/tGtvaSc2UVcDR/2zHlzO1F/bNkW36xdnhqYoRr7YBQcCNa/y93Q11QS9a/D8M_2ByJBHO9XlQca/n0ujUh20zcI9/JxJawuOL3k9/qfxd1yRLYOgD3c/1_2BR23dLn0o7lTOlQj6I/kUuwdswHQj7W4QHw/RX5E9sxU1Nf_2F_/2FCk0NWnZZALbW1qUN/3laNV7YkW/bzwdg6OC4ss5aY7xDZL0/DepNLT7uvNFMwSTHHfJ/uKwzVAwpPaOOwc9YjByXIP/qHz3wHqzdYAk1/Ks_2B6Hl/6S7a417_2FAxN9VWj_2Fu/i
request GET http://gtr.antoinfer.com/4mJue7_2FcPXhGPUkX1/rZFMwThbRasJYpzKNyzQzF/PSIg_2FXxk2wK/9Xz5OIly/Azc15kWESgqkvrg0YqgNbAB/ATDYoeq3xM/RBX01ZO_2BmeeEXMF/vj2wmHEa78z0/VHOqBBPXHyd/fS1ggK8erWH8nj/T0IfWVXaWZeufwtSbDUKQ/bMVoueTwDeGQ8L96/P1YqEr_2FPbvkPa/8PoIMYg_2BkG5matIU/Qv4oxHYee/VIrubMVZ3xhpW28NYWRR/nbNkiLj_2Fl7OhdObFa/4jnEr6P7bT_2Bk4uVTVD82/Vzy_2FWij6yj5/PpFiUfS_/2F4mgRqCJ3Tp_2BCJyaydDc/NSCEziz
request GET http://app.bighomegl.at/6PHRJExJgv9F3f/RKCmZ5SZKe2U6BzdtHmIg/b2mAWCKN8AlBapky/mwvBC3HeM3_2F7H/v9jEttxUzMvPWSf413/oDSl46mjD/GXmTB73zEAxAZybtTx5Q/ujdPaxD7506Nju1VLqn/LkT3ohS0LepSgyWTtS99GU/_2BTVBhdt8fiG/jU9_2FHC/Ya_2FfttFjtqRe0PbxWVe4M/4CuA6rJL_2/BVrvg2P0Bcd3X_2F5/jJ3GBttmpYNT/puVl6lw5ksU/4ltOesholmlw2Z/MQTQhMeDD2FupfpKz_2BP/OTzI7HG86CMXh9M3/Sxfg4ilUgQDTcjQ/sd6dZ5Z6MfaGCm/zMavyA
request GET http://app.bighomegl.at/k2XsNn4vNtbKN4bxM/cop2C8FLD9PQ/CIZDrhO4KbH/OEKMyhaO98VXTV/PdCUWIyDHFLKp_2BVqhyR/0oMHkaAYJpcU85cO/giOE9rYmV0qAJui/QzEO9VV5_2F5pR29Ko/Duva_2ByL/h3UWNQc1BSOW7Tv0hFEv/ozPQ_2BA8pr_2BwXOBQ/XMxOiuiw0_2BbxTN1C4C7T/U_2FU7vzVRo1y/3Opur3u_/2FD_2BwAWJgFY7JfA0YAmLg/sOto_2BflZ/kmF6_2BPE97VsUc6q/bRIzbX7qJLyG/ViK0hV0cJmx/XH4kEaBelmujO7/9zdTLa_2BuF0RLvgBGZNg/6vkXeVpV9j284H5Fcq3P/l
request GET http://gtr.antoinfer.com/x0jwbi_2BVmvEJ/YY788UXko9WdP0lwUg9z4/xlr6eiTfr0M5_2F_/2B0hv6DVnmCYhu9/xBeBELJQLY7LGafuS2/z2RiTrGJD/J7ilpXhwqBeUfihrroZj/75PMFlX8LLWp9_2FLuj/VP9Q9nczTM8JpiGHr_2Bsl/C0AUAdOLMj_2B/BOOsuxWQ/sGToIoAjZaqeTO1iS_2FD6Y/0lCNBNK1V2/4B6MXLmQ15_2FCAnG/Hk47_2F5FoI9/rrpFAK_2BSL/7_2FiPuxAedUkd/nhoiovuceGmnNgARH3TBI/udLsB2l1pS1UMDs_/2FFv5W7m_2BNYUS/AxCMP5Q_2FZBzQxvVQ/zgIxA4nIG/1CFhC38
request GET http://app.bighomegl.at/2xwPNaPWy1ZQiexiLbC6/VZ0GzYn7Pl8FGmoMK_2/F_2BmVt10PLNgWt6lgCkjZ/BQJaGkF5_2Bj2/WQk2vLCU/LVe9CiRaoW7DV4pZVQWpnOZ/v93d3I_2BO/snk70e4PO2P8yI7S3/FDNXnkjMgqfN/ssx_2BpUoFx/oWN5XIxgaRF3g6/7zZVvJTAYy9RIuxxE7_2F/E4_2BUZPu7ZpzK8K/KyosgQGgQ9Og3_2/Fq_2FFI_2BrekPPdWQ/LVGGqVTt6/UUoLX8uAy9wNYRtRVDrU/OdKLgk5lXT0ZTRQ9vBZ/10fuxVuwUS4Tz1WJiMsW6a/GYpAbcM5bYbiT/NLhLy71_2FFPbr5T/VtDd
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b0c000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76891000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d40000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b2f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2212
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007b0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2212
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2212
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007d0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72971000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b0c000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76891000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d40000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b2f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2208
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00810000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72971000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b0c000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76891000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d40000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b2f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00790000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007b0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2256
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00800000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729c1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72971000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b0c000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76891000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d40000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b2f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2112
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007a0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2112
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2112
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00840000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
description rundll32.exe tried to sleep 174 seconds, actually delayed analysis time by 174 seconds
Elastic malicious (high confidence)
ESET-NOD32 Win32/Spy.Ursnif.CG
APEX Malicious
Paloalto generic.ml
BitDefender Trojan.GenericKD.46602191
Avast Win32:Malware-gen
Webroot W32.Trojan.Gen
Microsoft Trojan:Win32/Ursnif
Cynet Malicious (score: 100)
Ikarus Win32.Outbreak
Fortinet PossibleThreat.MU
BitDefenderTheta Gen:NN.ZedlaF.34790.Bq4@a8prUll
AVG Win32:Malware-gen
Qihoo-360 Win32/Heur.Generic.Hx4CdcQA