Summary | ZeroBOX

flashplayerpp_install_cn.exe

Malicious Library UPX PE64 PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started March 17, 2022, 10:58 a.m.
Completed March 17, 2022, 11:10 a.m.
Size 2.6MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8b5ad07e4d0736bec6f642d744b013fb
SHA256 4a7753f21e2c304d33a8ce823f0cf61de8c43f906c172dd69414d82da6a50ead
CRC32 AA4A704A
ssdeep 49152:/bA3dy0o/9WUddRC8qOZHXtsa+khuq1Ik+j0JpzJPXqROi9f1N+b7ioDG56e+:/bnz/9WmC8qOZCkT1IkFJ5B6T9f1APrv
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
section .didat
resource name PNG
name PNG language LANG_CHINESE filetype PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006418c size 0x000015a9
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006d4a0 size 0x00000468
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006e010 size 0x000001e6
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006e928 size 0x00000078
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006e9a0 size 0x00000068
name RT_MANIFEST language LANG_CHINESE filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0006ea08 size 0x00000753
file C:\Users\test22\AppData\Local\Temp\ava.exe
Lionic Trojan.Win32.Makop.trQA
MicroWorld-eScan Trojan.GenericKD.48570384
McAfee Artemis!8B5AD07E4D07
Cylance Unsafe
Sangfor Trojan.Win64.Shelma.tua
K7AntiVirus Adware ( 0055b8ed1 )
BitDefender Trojan.GenericKD.48570384
K7GW Adware ( 0055b8ed1 )
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/2144FlashPlayer.A potentially unwanted
TrendMicro-HouseCall Backdoor.Win32.COBEACON.YXCCLZ
Paloalto generic.ml
Kaspersky Trojan.Win64.Shelma.tua
Rising PUF.2144FlashPlayer!8.1141E (CLOUD)
Ad-Aware Trojan.GenericKD.48570384
Emsisoft Trojan.GenericKD.48570384 (B)
TrendMicro Backdoor.Win32.COBEACON.YXCCLZ
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.GenericKD.48570384
Sophos Generic ML PUA (PUA)
Webroot W32.Trojan.FL
MAX malware (ai score=82)
Antiy-AVL Trojan/Generic.ASMalwS.350137E
Microsoft Trojan:Win32/Tnega!ml
Gridinsoft Ransom.Win32.Sabsik.sa
Arcabit Trojan.Generic.D2E52010
ZoneAlarm Trojan.Win64.Shelma.tua
GData Trojan.GenericKD.48570384
ALYac Trojan.GenericKD.48570384
VBA32 Trojan.Win64.Shelma
Malwarebytes Malware.AI.3964803760
Tencent Trojan.Win32.Qshell.16000324
Fortinet Adware/2144FlashPlayer
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike win/malicious_confidence_100% (W)