Summary | ZeroBOX

taroch.exe

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started July 29, 2021, 9:51 a.m.
Completed July 29, 2021, 9:53 a.m.
Size 415.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4bd029fab2e1855b65f19af615d5af49
SHA256 19bb2b0774e1638edbdcccc7e2fb936773727966acd3977137a8acfe0823266d
CRC32 D6AE6C0E
ssdeep 6144:cIlhYdWi2kzeShnkmmx87BQwmeOA1PWLC/W4iGrWMwDfv:p0dWrCeSVkmmx8Ntm8oCPrCHDfv
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Packer Armadillo v1.71
API calls (Time & API, Arguments; each record ends with a Status Return Repeated row)

NtProtectVirtualMemory

process_identifier: 1276
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x001ef000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1276
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1276
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00860000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
API calls (Time & API, Arguments; each record ends with a Status Return Repeated row)

NtTerminateProcess

status_code: 0x00000000
process_identifier: 2124
process_handle: 0x00000074
0 0

NtTerminateProcess

status_code: 0x00000000
process_identifier: 2124
process_handle: 0x00000074
1 0 0
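The two API tables above are the behaviour worth acting on: a packed (Armadillo) binary that, while still running as PID 1276, re-protects a 4096-byte page as PAGE_EXECUTE_READWRITE with the DEP-bypass heuristics raised and then commits two fresh RWX regions (8 KB and 212 KB), which is the pattern of an unpacking stub writing code it will execute. The following Python script is an added example and is not ZeroBOX code: it parses records in this flattened "API name / key: value / status return repeated" layout, flags RWX protection changes and allocations, and lists processes whose NtTerminateProcess succeeded. The sample log is constructed by transcribing three of the records above; the record shapes and the Status/Return/Repeated meaning of the trailing row are assumptions based on how the page lays them out.

```python
"""Triage flattened sandbox API-call records (added example, not ZeroBOX code)."""
import re
from dataclasses import dataclass, field

PAGE_EXECUTE_READWRITE = 0x40   # the "protection: 64" value in the report

# Constructed sample: three records transcribed from the report above.
SAMPLE_LOG = """\
NtProtectVirtualMemory

process_identifier: 1276
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x001ef000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1276
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00860000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtTerminateProcess

status_code: 0x00000000
process_identifier: 2124
process_handle: 0x00000074
1 0 0
"""


@dataclass
class ApiCall:
    api: str
    args: dict = field(default_factory=dict)
    result: tuple = ()          # assumed layout of the trailing row: (status, return, repeated)


API_NAME = re.compile(r"^Nt[A-Za-z]+$")          # a bare Nt* name starts a record
KEY_VALUE = re.compile(r"^(\w+):\s*(.+)$")       # "key: value" argument lines
RESULT_ROW = re.compile(r"^\d+(\s+\d+)*$")       # e.g. "1 0 0"


def to_int(value: str) -> int:
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x001ef000' -> 0x1ef000, '217088' -> 217088."""
    return int(value.split()[0], 0)


def parse_calls(text: str) -> list:
    """Split the flattened log into ApiCall records."""
    calls, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if API_NAME.match(line):
            current = ApiCall(line)
            calls.append(current)
        elif current is None:
            continue
        elif (m := KEY_VALUE.match(line)):
            current.args[m.group(1)] = m.group(2)
        elif RESULT_ROW.match(line):
            current.result = tuple(int(p) for p in line.split())
    return calls


def triage(text: str) -> dict:
    """Flag RWX memory, DEP-bypass heuristics and successful process terminations."""
    rwx_calls, rwx_bytes, dep_bypass, terminated = 0, 0, [], set()
    for c in parse_calls(text):
        prot = c.args.get("protection")
        if prot is not None and to_int(prot) == PAGE_EXECUTE_READWRITE:
            rwx_calls += 1
            # NtProtectVirtualMemory reports "length", NtAllocateVirtualMemory "region_size"
            size_key = "length" if c.api == "NtProtectVirtualMemory" else "region_size"
            rwx_bytes += to_int(c.args[size_key])
        if any(to_int(c.args.get(k, "0")) for k in ("stack_dep_bypass", "heap_dep_bypass", "stack_pivoted")):
            dep_bypass.append(f"{c.api}@{c.args['base_address']}")
        if c.api == "NtTerminateProcess" and c.result[:1] == (1,):   # status 1 = call succeeded (assumed)
            terminated.add(to_int(c.args["process_identifier"]))
    return {"rwx_calls": rwx_calls, "rwx_bytes": rwx_bytes,
            "dep_bypass": dep_bypass, "terminated_pids": sorted(terminated)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against the transcribed records this reports two RWX calls covering 221184 bytes, one call with DEP-bypass heuristics set (the NtProtectVirtualMemory at 0x001ef000), and PID 2124 terminated. Dumping the RWX regions (0x005c0000 and 0x00860000 in the report) from the sandbox memory snapshot is the usual next step to recover the unpacked payload that static scanning of the Armadillo-packed file cannot see.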
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.4bd029fab2e1855b
McAfee Artemis!4BD029FAB2E1
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:Backdoor.Win32.Androm.gen
Avast FileRepMalware
Tencent Win32.Backdoor.Fareit.Auto
Sophos Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Jiangmin Backdoor.Androm.gsk
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
BitDefenderTheta Gen:NN.ZexaF.34050.zuZ@aepX59em
VBA32 BScope.Trojan-Dropper.Injector
Rising Trojan.Generic@ML.93 (RDML:iGudsQBp6IPh/dU/Hu80gw)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware
CrowdStrike win/malicious_confidence_80% (W)