Summary | ZeroBOX

winscp.com

Malicious Library PWS PE32 PE File
Category: FILE
Machine: s1_win7_x6402
Started: July 31, 2021, 1:55 p.m.
Completed: July 31, 2021, 2:01 p.m.
Size 277.8KB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5 f998fcd26455fb41278f8887ecb5594e
SHA256 f32611ce3a28fda2932bbdd856a0604866b9f3dbbc21407cb846baeb4684dd2f
CRC32 1F292D4F
ssdeep 6144:RkdBy6tHmG676IS8i5cSXX6a8sg4iAA+KXK:2y6tHe76IS8i5LXviAAj6
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Win32_PWS_Loki_Zero - Win32 PWS Loki
  • PE_Header_Zero - PE File Signature

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call: WriteConsoleA
Arguments:
  buffer: Cannot start WinSCP application "C:\Users\test22\AppData\Local\Temp\winscp.exe". 지정된 파일을 찾을 수 없습니다.
  console_handle: 0x00000007
Status: 1  Return: 1  Repeated: 0
API call: __exception__
Arguments:
  stacktrace:
    __GetExceptDLLinfo+0x2b9b5 ___CPPdebugHook-0x2576 winscp+0x2cb36 @ 0x118cb36
    __GetExceptDLLinfo+0x2ca08 ___CPPdebugHook-0x1523 winscp+0x2db89 @ 0x118db89
    __GetExceptDLLinfo+0x9809 ___CPPdebugHook-0x24722 winscp+0xa98a @ 0x116a98a
    __GetExceptDLLinfo+0x29d46 ___CPPdebugHook-0x41e5 winscp+0x2aec7 @ 0x118aec7
  exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
  exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
  exception.instruction: leave
  exception.module: KERNELBASE.dll
  exception.exception_code: 0xeefface
  exception.offset: 46887
  exception.address: 0x748ab727
  registers.esp: 1894976
  registers.edi: 3
  registers.eax: 1894976
  registers.ebp: 1895056
  registers.edx: 0
  registers.ebx: 18239756
  registers.esi: 48
  registers.ecx: 3
Status: 1  Return: 0  Repeated: 0