Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 3, 2021, 2:41 p.m.	Sept. 3, 2021, 2:43 p.m.

Size	444.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c568117333be9807f9755d73da73fd15`
SHA256	`b050ba58df9d38811a5d664da5f640ab9595833f5962b6a5fbe2b2ecd4fea65b`
CRC32	`C08C6398`
ssdeep	`6144:p3iKIkh50yat3ZjyPt7Z3przwO38Pt7cjqJWa:pS2hatJuP5NZz8P5cEWa`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file IsPE32 - (no description)

비가스모드 2021.06.26-견적 .exe "C:\Users\test22\AppData\Local\Temp\비가스모드 2021.06.26-견적 .exe"
2972

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 3, 2021, 2:41 p.m.		1	1	0

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ Sept. 3, 2021, 2:41 p.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 1634476 registers.edi: 1634664 registers.eax: 1634476 registers.ebp: 1634556 registers.edx: 0 registers.ebx: 5472432 registers.esi: 1634664 registers.ecx: 2	1
__exception__ Sept. 3, 2021, 2:41 p.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 1634588 registers.edi: 1634776 registers.eax: 1634588 registers.ebp: 1634668 registers.edx: 0 registers.ebx: 5472432 registers.esi: 1634776 registers.ecx: 2	1
__exception__ Sept. 3, 2021, 2:41 p.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 1632636 registers.edi: 5472432 registers.eax: 1632636 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 5472432 registers.esi: 5472432 registers.ecx: 2	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 3, 2021, 2:41 p.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d72000 process_handle: 0xffffffff	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 3, 2021, 2:41 p.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003f0000 process_handle: 0xffffffff	1	0	0

File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)

Lionic	Trojan.Win32.Zbot.l!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
ALYac	Trojan.GenericKD.37510170
Malwarebytes	Malware.AI.4129293227
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	TrojanSpy:Win32/GenKryptik.f0566f5c
K7GW	Trojan ( 00581a1f1 )
K7AntiVirus	Trojan ( 00581a1f1 )
Arcabit	Trojan.Generic.D23C5C1A
Cyren	W32/VBKrypt.AZO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FJTP
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.Win32.Zbot.vho
BitDefender	Trojan.GenericKD.37510170
MicroWorld-eScan	Trojan.GenericKD.37510170
Avast	Win32:Malware-gen
Ad-Aware	Trojan.GenericKD.37510170
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Worm.gm
FireEye	Trojan.GenericKD.37510170
Emsisoft	Trojan.GenericKD.37510170 (B)
Ikarus	Trojan.VB.Crypt
Avira	TR/Kryptik.qhjxw
MAX	malware (ai score=86)
Microsoft	Trojan:Script/Phonzy.C!ml
GData	Trojan.GenericKD.37510170
McAfee	GuLoader-FDCJ!C568117333BE
VBA32	TScope.Trojan.VB
Cylance	Unsafe
Tencent	Win32.Trojan-spy.Zbot.Sxoa
Yandex	Trojan.Igent.bWu3BJ.3
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Agent.FCI!tr
BitDefenderTheta	Gen:NN.ZevbaF.34126.Bm0@auhKQXbG
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
MaxSecure	Trojan.Malware.300983.susgen

비가스모드 2021.06.26-견적 .exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All