popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

nde.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 10, 2021, 10 a.m. Aug. 10, 2021, 10:07 a.m.
Size 305.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a4d596e4f832205303ec7abb0d6b79e2
SHA256 31ab2bfd738bd5e28af20fbf5833b7173fffa70ffe4453a6710f73999c9516b4
CRC32 5697A5B5
ssdeep 6144:dHX5Iph0gHykeP9rcrpY5TsRuulrdJlxcMF0xXfYaOv:BX5OSHJcrp+MRdJ74VAaOv
PDB Path C:\xampp\htdocs\Loct\a6e755f2bd3e48b399df2db78a095e03\Loader\Project1\Release\Project1.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\xampp\htdocs\Loct\a6e755f2bd3e48b399df2db78a095e03\Loader\Project1\Release\Project1.pdb
section .gfids
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1852
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0018f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1852
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1852
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01cc0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 2072
process_handle: 0x000000c0
0 0

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 2072
process_handle: 0x000000c0
1 0 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cyren W32/Injector.AKK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FIQY
APEX Malicious
Kaspersky VHO:Trojan-Spy.Win32.Noon.gen
DrWeb Trojan.PWS.Siggen3.1955
VIPRE LooksLike.Win32.Crowti.b (v)
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
FireEye Generic.mg.a4d596e4f8322053
Emsisoft Trojan.Crypt (A)
SentinelOne Static AI - Suspicious PE
VBA32 BScope.Trojan-Dropper.Injector
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_99%
Fortinet W32/GenKryptik.FIBB!tr
BitDefenderTheta Gen:NN.ZexaF.34058.tuZ@am@lcTfi
Qihoo-360 HEUR/QVM10.1.2676.Malware.Gen
Cybereason malicious.303bbb