popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

sya.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 10, 2021, 10:33 a.m. Aug. 10, 2021, 10:40 a.m.
Size 305.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 de74d8f4a95d6fe1f3d916191c88e034
SHA256 ae1d264af4fc8ebeda37133d6541cdf3f7ad639cfd76972a1642eaba8ef5e4bc
CRC32 6D7485ED
ssdeep 6144:288JIphM7CMagpuvB2bSbOQ3rNQuyiBop0Ozb:/8JPGxCuvBlOGNQdi6
PDB Path C:\xampp\htdocs\Loct\49f50c0a0e554810b7bfafd1f4957376\Loader\Project1\Release\Project1.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\xampp\htdocs\Loct\49f50c0a0e554810b7bfafd1f4957376\Loader\Project1\Release\Project1.pdb
section .gfids
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2204
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0018f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2204
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2204
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02670000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 2472
process_handle: 0x000000c0
0 0

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 2472
process_handle: 0x000000c0
1 0 0
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.79071a
Cyren W32/Injector.AKK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMAB
APEX Malicious
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
DrWeb Trojan.PWS.Siggen3.1955
VIPRE LooksLike.Win32.Crowti.b (v)
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
FireEye Generic.mg.de74d8f4a95d6fe1
Emsisoft Trojan.Crypt (A)
SentinelOne Static AI - Suspicious PE
Cynet Malicious (score: 100)
VBA32 BScope.Trojan-Dropper.Injector
Ikarus Trojan.Crypter
eGambit Unsafe.AI_Score_99%
Fortinet W32/GenKryptik.FIBB!tr
BitDefenderTheta Gen:NN.ZexaF.34058.tuZ@aW07qsii
Qihoo-360 HEUR/QVM10.1.26FB.Malware.Gen