Summary | ZeroBOX

taSPcCva.rtf

Category FILE
Machine s1_win7_x6403_us
Started Sept. 9, 2021, 8:51 a.m.
Completed Sept. 9, 2021, 8:53 a.m.
Size 13.9KB
Type HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5 7ddc68d92fe65b2509f16c6a27876347
SHA256 c71747146567e8b50ff87f67f7e7c2209fffee3d078af55c4738907f63ead5b8
CRC32 81727BF4
ssdeep 384:kybjWJEnq5Rae9FcshMLDV7WFkOFSa0URlqzv3ZN:kkjWJEnUae9FcshMLZRI6z
Yara None matched

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x0000048c
filepath: C:\Users\test22\AppData\Local\Temp\~$SPcCva.rtf
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$SPcCva.rtf
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
Status: 1  Return: 0  Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x7ef70000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
Arcabit VB:Trojan.Valyria.D13CF
Kaspersky HEUR:Trojan-Downloader.Script.Generic
BitDefender VB:Trojan.Valyria.5071
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
MicroWorld-eScan VB:Trojan.Valyria.5071
Ad-Aware VB:Trojan.Valyria.5071
Emsisoft VB:Trojan.Valyria.5071 (B)
McAfee-GW-Edition BehavesLike.HTML.Dropper.lq
FireEye VB:Trojan.Valyria.5071
MAX malware (ai score=86)
GData VB:Trojan.Valyria.5071
ALYac VB:Trojan.Valyria.5071
Yandex HTML.Psyme.Gen
Ikarus Trojan.VB.Valyria
Fortinet VBS/Agent.CF7B!tr