Summary | ZeroBOX

b0e4f7e89442b09ac387d14196881808.exe

Tags: Malicious Library, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 23, 2021, 10:06 a.m.
Completed: Aug. 23, 2021, 10:08 a.m.
Size: 90.5KB
Type: PE32 executable (console) Intel 80386, for MS Windows
MD5: f206ba06dfdef9c5233fcf2a85a0732a
SHA256: f06e544f16fabf2d2755185ac267926cc300e142feb2e3b987fa403f6202c860
CRC32: B86A9364
ssdeep: 1536:odNgvNbjS6BlJBYr1WXt6xoHkLLUQAOuxVm1tX6YwuIJLO+s8jcdX0fSdY:odeBSMbYxEtgWkXdAZLmP65uIVO7kf4
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP addresses (IP Address / Status / Action)

164.124.101.2: Active (Moloch)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx: arguments (none); status 1; return 1; repeated 0

PE section: .gfids
Exceptions (Time & API / Arguments / Status / Return / Repeated)

__exception__

stacktrace:
b0e4f7e89442b09ac387d14196881808+0x2505 @ 0x272505
0x740068

exception.instruction_r: f3 a5 8b cb 83 e1 03 f3 a4 89 55 fc e8 56 93 fd
exception.symbol: lstrcatW+0x40 CopyFileW-0x3f kernel32+0x382ce
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 230094
exception.address: 0x757582ce
registers.esp: 1636800
registers.edi: 1642496
registers.eax: 1637080
registers.ebp: 1636840
registers.edx: 4294967294
registers.ebx: 66
registers.esi: 1636936
registers.ecx: 10
status 1; return 0; repeated 0

__exception__

stacktrace:
b0e4f7e89442b09ac387d14196881808+0x2517 @ 0x272517
0x740068

exception.instruction_r: 66 8b 4f 02 47 47 66 85 c9 75 f5 8b cb c1 e9 02
exception.symbol: lstrcatW+0x30 CopyFileW-0x4f kernel32+0x382be
exception.instruction: mov cx, word ptr [edi + 2]
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 230078
exception.address: 0x757582be
registers.esp: 1636800
registers.edi: 1642494
registers.eax: 1637080
registers.ebp: 1636840
registers.edx: 4294967294
registers.ebx: 6
registers.esi: 1637072
registers.ecx: 1970602095
status 1; return 0; repeated 0

__exception__

stacktrace:
b0e4f7e89442b09ac387d14196881808+0x2526 @ 0x272526
0x740068

exception.instruction_r: 66 8b 4f 02 47 47 66 85 c9 75 f5 8b cb c1 e9 02
exception.symbol: lstrcatW+0x30 CopyFileW-0x4f kernel32+0x382be
exception.instruction: mov cx, word ptr [edi + 2]
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 230078
exception.address: 0x757582be
registers.esp: 1636800
registers.edi: 1642494
registers.eax: 1637080
registers.ebp: 1636840
registers.edx: 4294967294
registers.ebx: 24
registers.esi: 1636860
registers.ecx: 1970602095
status 1; return 0; repeated 0

__exception__

stacktrace:
b0e4f7e89442b09ac387d14196881808+0x1356 @ 0x271356
b0e4f7e89442b09ac387d14196881808+0x1ead @ 0x271ead
b0e4f7e89442b09ac387d14196881808+0x2537 @ 0x272537
0x740068

exception.instruction_r: 66 8b 08 40 40 66 85 c9 75 f6 2b c2 d1 f8 50 ff
exception.symbol: SysAllocString+0x1e SysStringLen-0x20 oleaut32+0x4660
exception.instruction: mov cx, word ptr [eax]
exception.module: OLEAUT32.dll
exception.exception_code: 0xc0000005
exception.offset: 18016
exception.address: 0x767a4660
registers.esp: 1636132
registers.edi: 1636228
registers.eax: 1642496
registers.ebp: 1636132
registers.edx: 1637082
registers.ebx: 0
registers.esi: 4033704
registers.ecx: 111
status 1; return 0; repeated 0
Antivirus detections (vendor: detection name)

Lionic: Trojan.Win32.Sdum.4!c
MicroWorld-eScan: Trojan.GenericKD.46800538
FireEye: Trojan.GenericKD.46800538
CAT-QuickHeal: Trojan.Win32
McAfee: RDN/Generic.grp
Cylance: Unsafe
Sangfor: Trojan.Win32.Sdum.gen
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cyren: W32/Trojan.AHCX-3750
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.FUV
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Sdum.gen
BitDefender: Trojan.GenericKD.46800538
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan.Sdum.Dyze
Ad-Aware: Trojan.GenericKD.46800538
Emsisoft: Trojan.GenericKD.46800538 (B)
TrendMicro: Trojan.Win32.SDUM.USMANHI21
McAfee-GW-Edition: RDN/Generic.grp
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Clipbanker
Jiangmin: Trojan.Sdum.ti
Avira: TR/Redcap.soibw
Gridinsoft: Trojan.Win32.Downloader.sa
Microsoft: Trojan:Win32/Glupteba!ml
ZoneAlarm: HEUR:Trojan.Win32.Sdum.gen
GData: Trojan.GenericKD.46800538
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4594821
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Trojan.Downloader
TrendMicro-HouseCall: Trojan.Win32.SDUM.USMANHI21
eGambit: Unsafe.AI_Score_61%
Fortinet: W32/PossibleThreat
Webroot: W32.Trojan.Gen
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A