Summary | ZeroBOX

vbc.exe

NSIS Malicious Library PE32 PE File DLL
Category FILE
Machine s1_win7_x6401
Started Sept. 25, 2021, 10:55 a.m.
Completed Sept. 25, 2021, 11:12 a.m.
Size 469.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 77370b802186f692c39b1c3c4883094e
SHA256 0886feddfb93f6aa77364f62647654bcbb7f9997e6ee09c561d4012a6698545e
CRC32 BD70D26B
ssdeep 12288:/7wh+MWoNoceX9ugqi5kBvpFIVgEhtdlVe:/7C+M5NoceX9W/BvpFmgEhLy
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • NSIS_Installer - Null Soft Installer

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1, Return: 1, Repeated: 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x728d2000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
file C:\Users\test22\AppData\Local\Temp\nso6451.tmp\cbwnjhiw.dll
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.47035889
FireEye Generic.mg.77370b802186f692
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Alibaba Trojan:Win32/Spynoon.47f42bc5
K7GW Trojan ( 005880061 )
Cybereason malicious.02186f
Cyren W32/Injector.ALI.gen!Eldorado
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Injector.EQDZ
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Injuke.gen
BitDefender Trojan.GenericKD.47035889
Avast NSIS:InjectorX-gen [Trj]
Ad-Aware Trojan.GenericKD.47035889
Sophos Mal/Generic-S
Comodo TrojWare.Win32.UMal.kywed@0
McAfee-GW-Edition BehavesLike.Win32.AdwareAdload.gc
Emsisoft Trojan.NSISX.Spy.Gen.2 (B)
Avira TR/Injector.dvyvl
MAX malware (ai score=100)
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Downloader.oa
Microsoft Trojan:Win32/Spynoon.PR!MTB
GData Trojan.GenericKD.47035889
Cynet Malicious (score: 100)
McAfee RDN/Generic.dx
TrendMicro-HouseCall TROJ_GEN.R002H0CIO21
SentinelOne Static AI - Malicious PE
Fortinet W32/Injector.EQDZ!tr
AVG NSIS:InjectorX-gen [Trj]