popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

yjghost_gw.exe

Gen1 Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check PE32 DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 11, 2021, 12:31 p.m. Nov. 11, 2021, 12:44 p.m.
Size 16.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5 38971c55d9a807213018b5826bcfdffa
SHA256 b9ad370a5e4399df5526f16d2f7c7d830f1678631fbf9755a27e526db09b1faa
CRC32 D84C0D7C
ssdeep 196608:ikYtS4twljpw4OQeFS76eiuhF8+FcvhOsPg0Ho+qTqddDXzuGAeXeEln5dAWYAM3:iNJ6j12FE6ejNaZo+qTQzIGniVjQs
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2788
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2788
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73a92000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\bcdedit.exe
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\InstallOptions.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\ser.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\KillProc.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\NsisPlugin.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\NsisPlugin.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\ser.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\KillProc.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\InstallOptions.dll
file C:\Users\test22\AppData\Local\Temp\nsuE55F.tmp\System.dll
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\ghost
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ghost
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\ghost
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020119
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ghost
2 0
Lionic Trojan.Win32.Fsysna.4!c
MicroWorld-eScan Trojan.GenericKD.37091045
FireEye Trojan.GenericKD.37091045
CAT-QuickHeal Trojan.IGENERIC
ALYac Trojan.GenericKD.37091045
K7AntiVirus Riskware ( 0040eff71 )
Alibaba AdWare:Win32/Softcnapp.a
K7GW Riskware ( 0040eff71 )
Symantec Trojan.Gen.2
ClamAV Win.Worm.Runouce-343
Kaspersky HEUR:Trojan.Win32.Fsysna.gen
BitDefender Trojan.GenericKD.37091045
NANO-Antivirus Trojan.Win32.Agent.cysqzs
Ad-Aware Trojan.GenericKD.37091045
Sophos Generic PUA DI (PUA)
DrWeb Program.Unwanted.4598
McAfee-GW-Edition Artemis
Emsisoft Trojan.GenericKD.37091045 (B)
Webroot W32.Adware.Gen
Antiy-AVL Trojan/Win32.AGeneric
Microsoft PUA:Win32/Youxun
Gridinsoft Trojan.Win32.Agent.dg
Arcabit Trojan.Generic.D235F6E5
GData Trojan.GenericKD.37091045
AhnLab-V3 Malware/Gen.Generic.C3329953
McAfee Artemis!38971C55D9A8
VBA32 Trojan.Fsysna
Malwarebytes Malware.AI.268670742