Summary | ZeroBOX

Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe

Signature tags: Malicious Library, Antivirus, UPX, Malicious Packer, PE File, OS Processor Check, JPEG Format, PE32
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 3, 2021, 9:40 a.m. Aug. 3, 2021, 9:42 a.m.
Size 683.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 578d9f0ced02ee2f03ad3484628671d7
SHA256 6ddf7b13312987ed7d85ff6795f279d4c09ef67e7895a84254e53776a7ea9873
CRC32 C9766ACC
ssdeep 12288:3t0DuDX3YZfBZcYoocqn6MiJ1M8nVOKPFRHXV7Dbxw9/EbS3z:90aqfhc06L68nVOqFNXV7CcbSj
Yara
  • Antivirus - Contains references to security software
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.
Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: Could Not Find C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe
console_handle: 0x0000000b
status: 1  return: 1  repeated: 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

status: 1  return: 1  repeated: 0
section .gfids (Control Flow Guard function ID table, emitted by MSVC when /guard:cf is used)
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1716
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff (current-process pseudo-handle)
status: 1  return: 0  repeated: 0
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Update\Rasdial.exe
Time & API Arguments Status Return Repeated

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe
filepath: C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe
status: 1  return: 1  repeated: 0

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\test22\AppData\Roaming\Microsoft\Windows\Update\Rasdial.exe
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Windows\Update\Rasdial.exe
status: 1  return: 1  repeated: 0
cmdline cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe"
file C:\Users\test22\AppData\Local\Temp\Muneeza Mukkarum.jpg
file C:\Users\test22\AppData\Roaming\microsoft.dat
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Roaming\Microsoft\Windows\Update\Rasdial.exe
parameters:
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Windows\Update\Rasdial.exe
status: 1  return: 1  repeated: 0

CreateProcessInternalW

thread_identifier: 2736
thread_handle: 0x000002e4
process_identifier: 2732
current_directory:
filepath:
track: 1
command_line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x000002dc
status: 1  return: 1  repeated: 0
section .data: virtual_address 0x00019000, virtual_size 0x0005fb80, size_of_data 0x0005f200, entropy 7.84064180115; description: A section with a high entropy has been found
entropy 0.561623616236; description: Overall entropy of this PE file is high
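The two entropy findings above come from walking the PE section table and scoring each section's raw bytes. The Python below is an added example, not ZeroBOX code: it parses the section table with no third-party library, computes Shannon entropy per section, and reports the same two findings. The 6.8 bits/byte per-section threshold and the reading of the overall figure as the fraction of section bytes that fall in high-entropy sections are assumptions about how this class of signature is computed; the input is a constructed minimal PE32 image, not the sample on this page.

```python
import hashlib
import math
import struct
from typing import Dict, List, NamedTuple

# Assumed thresholds: bits/byte for one section, fraction of section bytes for the file.
HIGH_SECTION_ENTROPY = 6.8
HIGH_FILE_RATIO = 0.2


class Section(NamedTuple):
    name: str
    virtual_address: int
    virtual_size: int
    raw_offset: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Section]:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, size_opt_hdr, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + size_opt_hdr
    sections = []
    for i in range(num_sections):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (rest unused here)
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[roff:roff + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, roff, rsize, shannon_entropy(raw)))
    return sections


def packer_entropy_check(pe: bytes) -> Dict[str, object]:
    """Per-section hits plus the overall ratio, mirroring the report's two findings."""
    sections = parse_sections(pe)
    total = sum(s.raw_size for s in sections)
    high = [s for s in sections if s.entropy > HIGH_SECTION_ENTROPY]
    ratio = sum(s.raw_size for s in high) / total if total else 0.0
    return {"sections": sections,
            "high_entropy_sections": [s.name for s in high],
            "ratio": ratio,
            "overall_high": ratio > HIGH_FILE_RATIO}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image: a repetitive .text and a random-looking .data."""
    text = bytes([0x55, 0x8B, 0xEC, 0x90]) * 128                      # 512 bytes, entropy 2.0
    data = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()  # 4096 bytes, close to 8.0
                    for i in range(128))
    opt_hdr_size, e_lfanew, text_off = 224, 0x40, 0x200
    data_off = text_off + len(text)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_hdr_size, 0x0102)

    def sec(name: bytes, vaddr: int, raw_off: int, raw: bytes) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr,
                           len(raw), raw_off, 0, 0, 0, 0, 0)

    header = dos + b"PE\0\0" + coff + b"\0" * opt_hdr_size
    header += sec(b".text", 0x1000, text_off, text) + sec(b".data", 0x2000, data_off, data)
    return header.ljust(text_off, b"\0") + text + data


if __name__ == "__main__":
    result = packer_entropy_check(build_sample_pe())
    for s in result["sections"]:
        print(f"{s.name:<8} va=0x{s.virtual_address:08x} raw={s.raw_size:6d} entropy={s.entropy:.3f}")
    print("high-entropy sections:", result["high_entropy_sections"])
    print(f"ratio={result['ratio']:.3f} overall_high={result['overall_high']}")
```

Run it against a real file by passing `open(path, "rb").read()` to packer_entropy_check; for the sample on this page the expected hit is the .data section at virtual address 0x00019000 with entropy near 7.84. A .data section scoring above 7.8 is the usual footprint of an encrypted or compressed payload waiting to be unpacked into the RWX region seen in the API trace.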
cmdline cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe"
cmdline ping 1.1.1.1 -n 1 -w 3000
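Read together, the trace shows three behaviours worth a rule each: an RWX allocation in the sample's own process (0xffffffff is the current-process pseudo-handle), an executable dropped under AppData\Roaming with the hidden attribute set and then launched under the name of a genuine Windows binary, and a cmd.exe one-liner that uses ping as a sleep before deleting the original file. The Python below is an added example, not the sandbox's own code: it encodes those observations as detection rules and runs them over constructed events that mirror the report's fields. The event field names and the SYSTEM_BINARY_NAMES set are illustrative assumptions.

```python
import re
from typing import Dict, List, Tuple

FILE_ATTRIBUTE_HIDDEN = 0x2
PAGE_EXECUTE_READWRITE = 0x40
CREATE_NO_WINDOW = 0x08000000
CURRENT_PROCESS = 0xFFFFFFFF  # NtCurrentProcess() pseudo-handle as it appears in the trace

SAMPLE_IMAGE = r"C:\Users\test22\AppData\Local\Temp\Tani_Khan_Matrimonial_profile_picture_for_email_circulation_4.exe"
DROPPED_IMAGE = r"C:\Users\test22\AppData\Roaming\Microsoft\Windows\Update\Rasdial.exe"

# Constructed events that mirror the report's API rows (field names are an assumption).
EVENTS: List[Dict] = [
    {"api": "NtAllocateVirtualMemory", "protection": PAGE_EXECUTE_READWRITE,
     "process_handle": CURRENT_PROCESS, "base_address": 0x00E00000, "region_size": 8192},
    {"api": "SetFileAttributesW", "file_attributes": FILE_ATTRIBUTE_HIDDEN, "filepath": SAMPLE_IMAGE},
    {"api": "SetFileAttributesW", "file_attributes": FILE_ATTRIBUTE_HIDDEN, "filepath": DROPPED_IMAGE},
    {"api": "ShellExecuteExW", "filepath": DROPPED_IMAGE},
    {"api": "CreateProcessInternalW", "creation_flags": CREATE_NO_WINDOW,
     "command_line": 'cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "' + SAMPLE_IMAGE + '"'},
]

# "ping <host> -n N [-w ms] > nul & del <path>": ping used as a sleep before the delete.
SELF_DELETE_RE = re.compile(
    r'cmd(?:\.exe)?\s+/c\s+ping\s+\S+\s+-n\s+\d+(?:\s+-w\s+\d+)?\s*>\s*nul\s*&\s*del\s+"?(?P<target>[^"&]+?)"?\s*$',
    re.IGNORECASE)

# Illustrative set of Windows binary names that dropped files are commonly named after.
SYSTEM_BINARY_NAMES = {"rasdial.exe", "svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_user_profile(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\roaming\\" in p or "\\appdata\\local\\" in p


def detect(events: List[Dict], sample_image: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for the behaviours seen in the trace."""
    findings: List[Tuple[str, str]] = []
    hidden, launched = set(), set()
    for e in events:
        api = e.get("api")
        if (api == "NtAllocateVirtualMemory" and e.get("protection") == PAGE_EXECUTE_READWRITE
                and e.get("process_handle") == CURRENT_PROCESS):
            findings.append(("rwx_alloc_self",
                             f"RWX region 0x{e['base_address']:08x} ({e['region_size']} bytes) in own process"))
        elif api == "SetFileAttributesW" and e.get("file_attributes", 0) & FILE_ATTRIBUTE_HIDDEN:
            hidden.add(e["filepath"])
        elif api == "ShellExecuteExW":
            launched.add(e["filepath"])
        elif api == "CreateProcessInternalW":
            m = SELF_DELETE_RE.search(e.get("command_line", ""))
            if m:
                target = m.group("target").strip()
                rule = "self_delete" if basename(target) == basename(sample_image) else "delayed_delete"
                quiet = " (CREATE_NO_WINDOW)" if e.get("creation_flags", 0) & CREATE_NO_WINDOW else ""
                findings.append((rule, f"ping-as-sleep then del {target}{quiet}"))
    # Correlate hidden-attribute events with launches after the whole trace is seen.
    for path in sorted(hidden):
        if basename(path) == basename(sample_image):
            findings.append(("hidden_self", path))
        elif basename(path).endswith(".exe") and in_user_profile(path):
            tags = ["hidden_dropped_exe"]
            if path in launched:
                tags.append("launched")
            if basename(path) in SYSTEM_BINARY_NAMES:
                tags.append("system_name_masquerade")
            findings.append(("+".join(tags), path))
    return findings


if __name__ == "__main__":
    for rule, detail in detect(EVENTS, SAMPLE_IMAGE):
        print(f"{rule:<48} {detail}")
```

The self-delete rule keys on the shape of the command rather than the exact host or timeout, so `ping 127.0.0.1 -n 3` variants and unquoted paths match too; `delayed_delete` is reported when the deleted path is not the sample itself, which is still worth a look. Note that the rules work on the sandbox API trace; on an endpoint the same logic maps onto process-creation events (command line plus the CREATE_NO_WINDOW flag) and file-attribute changes under the user profile.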
Antivirus Result
Lionic Trojan.Win32.Bingoml.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee Artemis!578D9F0CED02
Cylance Unsafe
VIPRE BehavesLike.Win32.Malware.eah (mx-v)
Sangfor Trojan.Win32.Save.a
Cybereason malicious.28d2a5
Arcabit Trojan.Doina.D4C27
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Bingoml.gen
BitDefender Gen:Variant.Doina.19495
MicroWorld-eScan Gen:Variant.Doina.19495
Avast Win32:TrojanX-gen [Trj]
Rising Trojan.Injector!1.C975 (CLASSIC)
Ad-Aware Gen:Variant.Doina.19495
Sophos Generic ML PUA (PUA)
DrWeb Trojan.Siggen14.51823
TrendMicro Backdoor.Win32.BOZOKRAT.A
FireEye Gen:Variant.Doina.19495
Emsisoft MalCert.A (A)
MAX malware (ai score=99)
Kingsoft Win32.Troj.Undef.(kcloud)
GData Gen:Variant.Doina.19495
ALYac Gen:Variant.Doina.19495
VBA32 BScope.Trojan.Agentb
Malwarebytes Malware.AI.4198872444
TrendMicro-HouseCall Backdoor.Win32.BOZOKRAT.A
eGambit Unsafe.AI_Score_99%
Fortinet W32/Bingoml!tr
AVG Win32:TrojanX-gen [Trj]
Panda Trj/CI.A
Qihoo-360 Win32/Trojan.Generic.HgIASZkA