Summary | ZeroBOX

payment_34662.exe

Tags: UPX, Malicious Library, PE64, .NET DLL, PE File, DLL, OS Processor Check, PE32, JPEG Format
Category FILE
Machine s1_win7_x6401
Started April 26, 2022, 5:59 p.m.
Completed April 26, 2022, 6:04 p.m.
Size 419.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 99bc50939c44d18fef2a8836b8aed2c3
SHA256 bcf1164786925cbb783ca38d4066245cadaadad692332b5de64d1d7802d102f9
CRC32 8C6EA459
ssdeep 12288:fYWEd8gGjd6u3irRvblNsh4v5OOSghTeoZFDk7fQF6:fYWE2jd6jrRzwiv5OOrT3Ak0
Yara
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address 164.124.101.2 (Status: Active, Action: Moloch)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

GlobalMemoryStatusEx

status: 1  return: 1  repeated: 0
section .ndata
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory

process_identifier: 2872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x739e2000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73a85000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtAllocateVirtualMemory

process_identifier: 2872
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ea0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0
Time & API / Arguments / Status / Return / Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13719670784
free_bytes_available: 13719670784
root_path: C:\Users\test22\AppData\Local\Temp
total_number_of_bytes: 34252779520
status: 1  return: 1  repeated: 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13719281664
free_bytes_available: 13719281664
root_path: C:\Users\test22\AppData\Local\Temp
total_number_of_bytes: 34252779520
status: 1  return: 1  repeated: 0
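The three memory records above are the security-relevant part of this log: protection 64 is 0x40, PAGE_EXECUTE_READWRITE, and process_handle 0xffffffff is the (HANDLE)-1 pseudo-handle that GetCurrentProcess() returns, so the sample is making two 4 KiB pages RWX and committing a fresh 2 MiB RWX region inside its own process (allocation_type 12288 = 0x3000 = MEM_COMMIT|MEM_RESERVE). The report does not show what was written there, so nothing beyond "self-modifying / staging region" can be concluded from it. The triage helper below is an added example, not part of the ZeroBOX report or its tooling: it parses records in the report's own "key: value" layout, decodes the winnt.h constants, and lists every RWX region together with whether the target was the current process. SAMPLE_LOG is transcribed from the records above; the Finding fields and helper names are this example's own.

```python
"""Flag RWX memory operations in a ZeroBOX/Cuckoo-style API-call log.

Added example, not part of the report. Input is the report's own
"API name / key: value lines / status return repeated" layout.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# winnt.h memory-protection and allocation-type constants (facts, not assumptions)
PAGE_EXECUTE_READWRITE = 0x40
PROTECTION_NAMES = {
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
ALLOCATION_NAMES = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
# GetCurrentProcess() returns (HANDLE)-1; the sandbox logs it as 0xffffffff
# for this 32-bit sample, 0xffffffffffffffff would be the 64-bit form.
CURRENT_PROCESS_HANDLES = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}
# APIs that carry a protection value, mapped to the argument holding the size.
MEMORY_APIS = {"NtProtectVirtualMemory": "length",
               "NtAllocateVirtualMemory": "region_size"}

# Transcribed from the report's API tables for PID 2872 (not fabricated).
SAMPLE_LOG = r"""
NtProtectVirtualMemory

process_identifier: 2872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x739e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2872
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73a85000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2872
region_size: 2097152
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ea0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13719670784
free_bytes_available: 13719670784
root_path: C:\Users\test22\AppData\Local\Temp
total_number_of_bytes: 34252779520
1 1 0
"""

NAME_RE = re.compile(r"^[A-Za-z_]\w*$")          # bare API name line
TAIL_RE = re.compile(r"^(\d+) (\d+) (\d+)$")     # "status return repeated"
ARG_RE = re.compile(r"^([a-z_]+): (.*)$")        # "key: value"


@dataclass
class ApiCall:
    name: str
    args: dict[str, str] = field(default_factory=dict)
    status: int | None = None
    ret: int | None = None
    repeated: int | None = None


@dataclass
class Finding:
    api: str
    base: int
    size: int
    protection: str
    allocation: str | None   # only NtAllocateVirtualMemory carries this
    self_process: bool       # True when process_handle is the pseudo-handle


def as_int(value: str) -> int:
    """Leading numeric token of a report value; accepts decimal and 0x hex."""
    return int(value.split()[0], 0)


def decode_flags(value: int, table: dict[int, str]) -> str:
    """Render a bit mask with the names in `table`, or hex if none match."""
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) or hex(value)


def parse_calls(text: str) -> list[ApiCall]:
    """Split the report layout into ApiCall records."""
    calls: list[ApiCall] = []
    cur: ApiCall | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NAME_RE.match(line):
            cur = ApiCall(line)
            calls.append(cur)
        elif cur is None:
            continue
        elif (m := TAIL_RE.match(line)):
            cur.status, cur.ret, cur.repeated = (int(x) for x in m.groups())
        elif (m := ARG_RE.match(line)):
            cur.args[m.group(1)] = m.group(2)
    return calls


def rwx_findings(calls: list[ApiCall]) -> list[Finding]:
    """Every successful memory call that leaves a region writable and executable."""
    out: list[Finding] = []
    for c in calls:
        size_key = MEMORY_APIS.get(c.name)
        if size_key is None or "protection" not in c.args or c.status != 1:
            continue
        prot = as_int(c.args["protection"])
        if not prot & PAGE_EXECUTE_READWRITE:
            continue
        alloc = c.args.get("allocation_type")
        out.append(Finding(
            api=c.name,
            base=as_int(c.args["base_address"]),
            size=as_int(c.args[size_key]),
            protection=decode_flags(prot, PROTECTION_NAMES),
            allocation=decode_flags(as_int(alloc), ALLOCATION_NAMES) if alloc else None,
            self_process=as_int(c.args.get("process_handle", "0")) in CURRENT_PROCESS_HANDLES,
        ))
    return out


if __name__ == "__main__":
    for f in rwx_findings(parse_calls(SAMPLE_LOG)):
        where = "self" if f.self_process else "remote"
        extra = f" alloc={f.allocation}" if f.allocation else ""
        print(f"{f.api}: {where} base=0x{f.base:08x} size={f.size} {f.protection}{extra}")
```

A remote target (process_handle that is not the pseudo-handle) paired with an RWX allocation is the classic injection pattern; here all three hits are self-directed, which fits the "NSIS/Injector" and "GuLoader" vendor names below only as far as in-process unpacking goes. The parser is deliberately loose about which argument lines appear, since the report omits the stack/heap DEP columns on some records.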
file C:\Users\test22\AppData\Local\Temp\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\HPSUPD-Win32Exe.exe
file C:\Users\test22\AppData\Local\Temp\nsdE3E9.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\Common.dll
Lionic Trojan.Win32.Shelsy.4!c
MicroWorld-eScan Trojan.GenericKD.39560189
McAfee RDN/GuLoader
BitDefender Trojan.GenericKD.39560189
K7GW Trojan ( 005903451 )
Cyren W32/NSIS_Injector.A.gen!Eldorado
Symantec Trojan Horse
Elastic malicious (high confidence)
ESET-NOD32 NSIS/Injector.ASH
TrendMicro-HouseCall TROJ_GEN.F0D1C00DP22
Kaspersky HEUR:Trojan.Win32.Shelsy.gen
Alibaba Trojan:Win32/Shelsy.3a36561b
Avast NSIS:InjectorX-gen [Trj]
Ad-Aware Trojan.GenericKD.39560189
Emsisoft Trojan.GenericKD.39560189 (B)
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.GenericKD.39560189
Sophos Mal/Generic-S (PUA)
GData Trojan.GenericKD.39560189
Kingsoft Win32.Troj.Undef.(kcloud)
Arcabit Trojan.Generic.D25BA3FD
ZoneAlarm HEUR:Trojan.Win32.Shelsy.gen
Microsoft Trojan:Win32/Wacatac.B!ml
MAX malware (ai score=81)
Ikarus Trojan.Inject
Yandex Trojan.Igent.bXTcdX.1
MaxSecure Trojan.Malware.121218.susgen
AVG NSIS:InjectorX-gen [Trj]