Summary | ZeroBOX

VirbelaSetup.exe

Tags: Gen1, Formbook, Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), UPX, Malicious Packer, Anti_VM, GIF Format, PE64, .NET DLL, PE File, OS Processor Check, PE32, DLL
Category FILE
Machine s1_win7_x6401
Started Nov. 3, 2021, 6:52 a.m.
Completed Nov. 3, 2021, 6:54 a.m.
Size 13.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ff260b18bacce2eafa35e1363bb005be
SHA256 55f1b4164519bee291046bf8496036242e3a14ebeb4d77ede349aff812311263
CRC32 0CB1A828
ssdeep 393216:/j5+h+aLlRWKFaF2ldBpW9YX0xv8t0hoTOYNQvL:/j53afJaFsubIqrY4
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .itext
section .didata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 688128
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004b6000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 102400
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004b8000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73552000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2856
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73552000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2856
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3024
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x039e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3024
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ae0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3024
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bf2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3024
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03af0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
3221225496 0

NtAllocateVirtualMemory

process_identifier: 3024
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x07a20000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3024
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x07a30000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 0
root_path: C:\Program Files (x86)\Virbela Open Campus\
total_number_of_bytes: 70705682280
0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 13703016448
root_path: C:\Program Files (x86)\
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 13651341312
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer
total_number_of_bytes: 0
1 1 0
file C:\Users\Public\Desktop\Virbela Open Campus.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virbela Open Campus.lnk
file C:\Users\Public\Desktop\Virbela Open Campus.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virbela Open Campus.lnk
file C:\Users\test22\AppData\Local\Temp\is-77K35.tmp\VirbelaSetup.tmp
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
2 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
2 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
2 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000101
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{245df4a8-9578-41dc-a91e-8abc025849f9}_is1
2 0
Time & API Arguments Status Return Repeated

RegSetValueExW

key_handle: 0x00000284
regkey_r: RegFiles0000
reg_type: 7 (REG_MULTI_SZ)
value: C:\Program Files (x86)\Virbela Open Campus\virbela.exeC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\Assembly-CSharp-firstpass.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\Assembly-CSharp.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\ICSharpCode.SharpZipLib.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\Mono.Security.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\mscorlib.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\netstandard.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\Newtonsoft.Json.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.ComponentModel.Composition.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Configuration.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Core.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Data.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Diagnostics.StackTrace.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Drawing.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.EnterpriseServices.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Globalization.Extensions.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.IO.Compression.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.IO.Compression.FileSystem.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Net.Http.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Numerics.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Runtime.Serialization.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Runtime.Serialization.Xml.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.ServiceModel.Internals.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Transactions.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Xml.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Xml.Linq.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\System.Xml.XPath.XDocument.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\Unity.Analytics.DataPrivacy.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\Unity.TextMeshPro.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.AccessibilityModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.AIModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.AnimationModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ARModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.AssetBundleModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.AudioModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.BaselibModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ClothModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ClusterInputModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ClusterRendererModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.CoreModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.CrashReportingModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.DirectorModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.FileSystemHttpModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.GameCenterModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.GridModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.HotReloadModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ImageConversionModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.IMGUIModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.InputModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.JSONSerializeModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.LocalizationModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.Networking.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ParticleSystemModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.PerformanceReportingModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.Physics2DModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.PhysicsModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ProfilerModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.ScreenCaptureModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.SharedInternalsModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.SpatialTracking.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.SpriteMaskModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.SpriteShapeModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.StreamingModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.StyleSheetsModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.SubstanceModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TerrainModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TerrainPhysicsModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TextCoreModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TextRenderingModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TilemapModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.Timeline.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TimelineModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.TLSModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UI.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UIElementsModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UIModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UmbraModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UNETModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityAnalyticsModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityConnectModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityTestProtocolModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityWebRequestModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.VehiclesModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.VFXModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.VideoModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.VRModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.WindModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Managed\UnityEngine.XRModule.dllC:\Program Files (x86)\Virbela Open Campus\virbela_Data\Plugins\DiskUtilsWinAPI.dllC:\Program Files (x86)\Virbela Open Campus\UnityPlayer.dllC:\Program Files (x86)\Virbela Open Campus\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dllC:\Program Files (x86)\Virbela Open Campus\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dll
regkey: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0000
1 0 0
file C:\Users\test22\AppData\Local\Temp\is-77K35.tmp\VirbelaSetup.tmp