Summary | ZeroBOX

win32.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, DLL, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started March 10, 2022, 2:42 p.m.
Completed March 10, 2022, 3:07 p.m.
Size 296.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 e3e18dbe2b1a5ef507239a184495ff29
SHA256 66e08ab2e321f2704148f242f917ca827de4a32d8f964a8b8caf99af9a668c2a
CRC32 AD60E6E9
ssdeep 6144:lYa6PKZOuE1SDIssGilA+XG4LC0g4XAiGCIH6h2izocdnftx6v:lYtKZOd0DQGixXJeOXAiQYdo
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

status: 1, return: 1, repeated: 0
section: .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c65000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 2340
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02f60000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 2340
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02f70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 2340
region_size: 1052672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03070000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
file C:\Users\test22\AppData\Local\Temp\updater.exe
file C:\Users\test22\AppData\Local\Temp\PSGet.Format.ps1xml
file C:\Users\test22\AppData\Local\Temp\nsh8D5D.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\WSEnable.exe
file C:\Users\test22\AppData\Local\Temp\updater.exe
file C:\Users\test22\AppData\Local\Temp\WSEnable.exe
file C:\Users\test22\AppData\Local\Temp\nsh8D5D.tmp\System.dll
Antivirus Result
Lionic Trojan.Win32.GuLoader.a!c
McAfee Artemis!E3E18DBE2B1A
Cylance Unsafe
K7AntiVirus Trojan ( 0058e6351 )
K7GW Trojan ( 0058e6351 )
ESET-NOD32 NSIS/Injector.AOT
TrendMicro-HouseCall TROJ_GEN.R002H0DC922
Avast NSIS:DropperX-gen [Drp]
Kaspersky HEUR:Trojan-Downloader.Win32.GuLoader.gen
Rising Trojan.Injector/NSIS!1.DC4D (CLASSIC)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Injector.qkdud
McAfee-GW-Edition Artemis!Trojan
Paloalto generic.ml
Avira TR/Injector.qkdud
Kingsoft Win32.Troj.Undef.(kcloud)
ZoneAlarm HEUR:Trojan-Downloader.Win32.GuLoader.gen
GData Win32.Trojan-Downloader.Generic.621PSS
Cynet Malicious (score: 99)
Malwarebytes Trojan.GuLoader
Tencent Win32.Trojan.Falsesign.Alsb
AVG NSIS:DropperX-gen [Drp]