Summary | ZeroBOX

SI-3023-9552783693PDF.jar

Tags: Generic Malware, Malicious Packer, Malicious Library, OS Processor Check, MSOffice File
Category: FILE
Machine: s1_win7_x6402
Started: Oct. 14, 2021, 5:19 p.m.
Completed: Oct. 14, 2021, 5:33 p.m.
Size 4.3MB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: SumatraPDF (Wrapped using MSI Wrapper from exemsi.com), Author: Krzysztof Kowalczyk, Keywords: Installer, Comments: This installer database contains the logic and data required to install SumatraPDF (Wrapped using MSI Wrapper from exemsi.com)., Template: Intel;1033, Revision Number: {CF7B634F-4A07-4116-BEAB-AD2123F1C030}, Create Time/Date: Mon Aug 20 14:56:14 2012, Last Saved Time/Date: Mon Aug 20 14:56:14 2012, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.5.2519.0), Security: 2
Note: the submission name ends in .jar (a ZIP container), but the content identified above is a CDF/MSI installer. The sandbox classifies by content, so the extension should not be trusted when choosing how to detonate or unpack the sample; the embedded author and product strings are installer metadata and are not evidence of who built this file.
MD5 2922d30afb359edde8083596e20601dc
SHA256 10b8de549614240e9f6bcdbd5ac7b9a407760d9a882c8bb6a3e2cb978f0aa916
CRC32 BC0BACEA
ssdeep 98304:P8dUwWyw2YMWN6CfiqdMH64Sz6QK7RpFz2Haq6EByA:0dUqwYWN16WOQK7lzLdKyA
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • Microsoft_Office_File_Zero - Microsoft Office File
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious Library
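The mismatch between the .jar name and the CDF/MSI content is worth catching before a sample reaches a sandbox queue, because the extension decides which analysis route a file gets. The check below is an added example and is not ZeroBOX code; it compares the container implied by the final extension with the container implied by the leading magic bytes. The CDF_SAMPLE and ZIP_SAMPLE inputs are constructed stand-ins, not the sample on this page.

```python
"""Flag submissions whose extension disagrees with their content.

Added example, not part of the ZeroBOX report. The sample on this page is
named *.jar (a ZIP container) but the sandbox identified it as a Composite
Document File (CDF), the container used by MSI. The bytes below are
constructed test inputs, not the sample itself.
"""
import os

# Leading magic bytes for the container formats that matter here.
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "cdf",  # OLE2 / CDF: MSI, legacy Office
    b"PK\x03\x04": "zip",                         # ZIP local file header: .jar, .docx, .apk
    b"PK\x05\x06": "zip",                         # ZIP end-of-central-directory (empty archive)
    b"MZ": "pe",                                  # Windows executable
    b"%PDF": "pdf",
}

# Which container each user-facing extension is supposed to be.
EXPECTED = {
    ".jar": "zip", ".zip": "zip", ".docx": "zip", ".xlsx": "zip",
    ".msi": "cdf", ".doc": "cdf", ".xls": "cdf",
    ".exe": "pe", ".dll": "pe", ".pdf": "pdf",
}


def detect_container(data: bytes) -> str:
    """Return the container type implied by the leading bytes, or 'unknown'."""
    # Longest magic first so "PK\x03\x04" is tested before shorter prefixes.
    for magic, kind in sorted(MAGIC.items(), key=lambda kv: -len(kv[0])):
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_mismatch(filename: str, data: bytes):
    """Return (expected, actual) when extension and magic disagree, else None.

    Only the last extension is checked: names such as 'invoicePDF.jar' are
    built to read as PDFs, but the final suffix is what the OS and most
    handlers act on.
    """
    ext = os.path.splitext(filename)[1].lower()
    expected = EXPECTED.get(ext)
    actual = detect_container(data)
    if expected is None or actual == "unknown":
        return None  # nothing to compare against
    return None if expected == actual else (expected, actual)


# Constructed inputs: a CDF header padded to one 512-byte sector, and a
# minimal ZIP end-of-central-directory record. Neither is the real sample.
CDF_SAMPLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504
ZIP_SAMPLE = b"PK\x05\x06" + b"\x00" * 18

if __name__ == "__main__":
    print(extension_mismatch("SI-3023-9552783693PDF.jar", CDF_SAMPLE))  # ('zip', 'cdf')
    print(extension_mismatch("SI-3023-9552783693PDF.jar", ZIP_SAMPLE))  # None
```

A mismatch is a routing signal, not a verdict: the right response is to analyse the file as what it actually is (here, unpack the MSI's CAB streams) rather than to reject it, and to record the claimed extension as a lure indicator.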

Host lookups (Name, Response, Post-Analysis Lookup)
  No hosts contacted.

IP traffic (IP Address, Status, Action)
  164.124.101.2  Active  Moloch

Note: one IP address is recorded even though no hostnames were contacted; check the pcap for traffic to that address before concluding the sample is silent on the network.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (columns: Time & API, Arguments, Status, Return, Repeated)

NtProtectVirtualMemory
  process_identifier: 1328
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x6fc03000
  process_handle: 0xffffffff
  Status: 1 (success)  Return: 0  Repeated: 0

Note: process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle, so PID 1328 changed one 4 KiB page of its own address space to writable and executable. Unpackers and JIT compilers both do this; on its own it is a triage lead, not a verdict, and the page at 0x6fc03000 is the first thing to dump. The stack_dep_bypass, stack_pivoted and heap_dep_bypass fields are the monitor's exploit heuristics for this call and all came back 0.
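The single RWX protection change above is the kind of record a triage script should pull out of a full behavioural log automatically. The code below is an added example, not ZeroBOX code: it walks Cuckoo-style API records and reports every successful call that leaves memory both writable and executable, distinguishing a process modifying itself from one modifying another process. The SAMPLE_CALLS list is constructed to mirror the fields shown in this report (the first record reproduces it; the others are invented controls), and the exact JSON layout of a ZeroBOX export is an assumption. The three trailing columns of the report are read as Status, Return and Repeated, following the table header.

```python
"""Flag page-protection changes to writable+executable memory in sandbox API logs.

Added example, not ZeroBOX code. Records are constructed to mirror the fields
in the report; the JSON layout of a real export is an assumption.
"""

# Win32 memory-protection constants (winnt.h).
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100
WRITABLE_EXEC = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = 0xFFFFFFFF  # pseudo-handle returned by GetCurrentProcess()

PROT_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}

# Calls that can set a protection on a region (names as Cuckoo logs them).
MEMORY_APIS = {"NtProtectVirtualMemory", "NtAllocateVirtualMemory", "VirtualProtectEx"}


def _to_int(value) -> int:
    """Sandbox exports mix ints and hex strings ("0xffffffff"); accept both."""
    return int(value, 0) if isinstance(value, str) else int(value)


def describe_protection(value: int) -> str:
    """Render a protection constant, keeping the PAGE_GUARD modifier visible."""
    name = PROT_NAMES.get(value & 0xFF, hex(value & 0xFF))
    return name + "|PAGE_GUARD" if value & PAGE_GUARD else name


def rwx_events(calls):
    """Return one finding per successful call that makes a region writable+executable."""
    findings = []
    for call in calls:
        if call.get("api") not in MEMORY_APIS or call.get("status") != 1:
            continue  # unrelated API, or the call failed and changed nothing
        args = call["arguments"]
        prot = _to_int(args["protection"])
        if not prot & WRITABLE_EXEC:
            continue
        handle = _to_int(args.get("process_handle", CURRENT_PROCESS))
        findings.append({
            "pid": _to_int(args["process_identifier"]),
            "api": call["api"],
            "base": hex(_to_int(args["base_address"])),
            # NtProtectVirtualMemory logs "length"; NtAllocateVirtualMemory logs "region_size".
            "length": _to_int(args.get("length", args.get("region_size", 0))),
            "protection": describe_protection(prot),
            "target": "self" if handle == CURRENT_PROCESS else "other process",
            "occurrences": 1 + _to_int(call.get("repeated", 0)),
        })
    return findings


# Constructed records. The first reproduces the call shown in the report;
# the rest are invented controls (benign protection, cross-process RWX, failed call).
SAMPLE_CALLS = [
    {"api": "NtProtectVirtualMemory", "status": 1, "return_value": 0, "repeated": 0,
     "arguments": {"process_identifier": 1328, "stack_dep_bypass": 0, "stack_pivoted": 0,
                   "heap_dep_bypass": 0, "length": 4096, "protection": 64,
                   "base_address": "0x6fc03000", "process_handle": "0xffffffff"}},
    {"api": "NtProtectVirtualMemory", "status": 1, "return_value": 0, "repeated": 3,
     "arguments": {"process_identifier": 1328, "length": 8192, "protection": 4,
                   "base_address": "0x00400000", "process_handle": "0xffffffff"}},
    {"api": "NtAllocateVirtualMemory", "status": 1, "return_value": 0, "repeated": 0,
     "arguments": {"process_identifier": 2044, "region_size": 65536, "protection": 64,
                   "base_address": "0x02a00000", "process_handle": "0x1c8"}},
    {"api": "NtProtectVirtualMemory", "status": 0, "return_value": 0xC0000045, "repeated": 0,
     "arguments": {"process_identifier": 1328, "length": 4096, "protection": 64,
                   "base_address": "0x7fff0000", "process_handle": "0xffffffff"}},
]

if __name__ == "__main__":
    for finding in rwx_events(SAMPLE_CALLS):
        print(finding)
```

Rank the "other process" findings above the "self" ones: a process allocating or re-protecting RWX memory inside another process is the classic injection prelude, whereas a process doing it to itself also matches legitimate JIT engines (Java HotSpot, browser JavaScript engines) and needs the dumped page to decide.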
Antivirus detections (vendor: signature)
  Cyren      Java/Kryptik.L.gen!Eldorado
  Symantec   Trojan.Appjar!gen1
  Avast      Java:Malware-gen [Trj]
  Kaspersky  HEUR:Trojan.Java.Agent.gen
  McAfee     RDN/MalGenrc
  Fortinet   Java/GenericGB.29230!tr
  AVG        Java:Malware-gen [Trj]

Note: every named detection is a Java/JAR family (Kryptik, Appjar, Trojan.Java.Agent), which matches the .jar name but not the MSI/CDF content type identified above. Confirm which object the hash lookup covered before relying on these labels for the sample that was actually detonated.
Process creation
  cmdline:         "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043
  parent_process:  acrord32.exe
  martian_process: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --locale=ko-kr --backgroundcolor=16514043

Note: "martian" here means a process spawned by a document reader, the pattern the sandbox flags because exploit-driven payloads launch that way. RdrCEF.exe is Acrobat Reader's own Chromium Embedded Framework helper and is started by AcroRd32.exe on every launch, so this entry is expected sandbox noise rather than evidence of exploitation; a meaningful hit would be Reader starting cmd.exe, powershell.exe, mshta.exe or a binary written to a user-writable path.