popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

bda.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 10, 2021, 10:33 a.m. Aug. 10, 2021, 10:45 a.m.
Size 305.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b9b5b54cf3469380c133057543a9362e
SHA256 25b5931496772d55a7fc68ae07c5a61ff9acaf5182384f06ad7c809738fdfe31
CRC32 32B6B019
ssdeep 6144:XubkZIphwQqzaMIgsAJja+2DGYHRifx/Fvybz:wkZLQRMInijuDhw/FvI
PDB Path C:\xampp\htdocs\Loct\2c04e1dc6fc54cdb98ca2d0ec327b0e8\Loader\Project1\Release\Project1.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\xampp\htdocs\Loct\2c04e1dc6fc54cdb98ca2d0ec327b0e8\Loader\Project1\Release\Project1.pdb
section .gfids
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2376
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0018f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2376
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2376
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00470000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 1136
process_handle: 0x000000c0
0 0

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 1136
process_handle: 0x000000c0
1 0 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.86ad7d
Cyren W32/Injector.AKK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMAB
APEX Malicious
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
Emsisoft Trojan.Crypt (A)
DrWeb Trojan.PWS.Siggen3.1955
VIPRE LooksLike.Win32.Crowti.b (v)
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
FireEye Generic.mg.b9b5b54cf3469380
Ikarus Trojan.Crypter
Cynet Malicious (score: 100)
VBA32 BScope.Trojan-Dropper.Injector
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/GenKryptik.FIBB!tr
BitDefenderTheta Gen:NN.ZexaF.34058.tuZ@aWvTpTmi
Qihoo-360 HEUR/QVM10.1.26FB.Malware.Gen