Summary | ZeroBOX

majMSPharm.exe

Tags: Malicious Library, PE32, PE File, DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: May 24, 2022, 6:27 p.m.
Completed: May 24, 2022, 6:35 p.m.
Size 3.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6c53f542fb4bf76bba5492fdcd68241b
SHA256 352e50419b860d9f9066d2a1dc16b925c101027a1915be02f0a1fba09c5c22f5
CRC32 5927058C
ssdeep 49152:UO7+4VcSl7495jJVoHHXZiRm0IMeMlKxvLHkknZO/ygI2DRJRYRQDjcjOrnZioFK:UoplyMHHelWvPZOagRZzRRJeR
Yara
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
185.157.162.137 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73b11000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x1001f000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x753d1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73a81000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c03000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 8457661273005938180
free_bytes_available: 24
root_path: D:\
total_number_of_bytes: 1127783071381843
0 0

GetDiskFreeSpaceW

number_of_free_clusters: 1627616
sectors_per_cluster: 0
bytes_per_sector: 0
root_path: D:\
total_number_of_clusters: 535540649
0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 8455898601247790516
free_bytes_available: 3703221197
root_path: D:\
total_number_of_bytes: 8589116456564686848
0 0

GetDiskFreeSpaceW

number_of_free_clusters: 1627860
sectors_per_cluster: 0
bytes_per_sector: 0
root_path: D:\
total_number_of_clusters: 786848
0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 8455898601247791572
free_bytes_available: 3703221197
root_path: D:\
total_number_of_bytes: 8589116456564686848
0 0

GetDiskFreeSpaceW

number_of_free_clusters: 1628916
sectors_per_cluster: 0
bytes_per_sector: 0
root_path: D:\
total_number_of_clusters: 786848
0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 8455898601247789212
free_bytes_available: 3703221197
root_path: D:\
total_number_of_bytes: 8589116456564686848
0 0

GetDiskFreeSpaceW

number_of_free_clusters: 1626556
sectors_per_cluster: 0
bytes_per_sector: 0
root_path: D:\
total_number_of_clusters: 786848
0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 8455898601247788532
free_bytes_available: 3703221197
root_path: D:\
total_number_of_bytes: 8589116456564686848
0 0

GetDiskFreeSpaceW

number_of_free_clusters: 1625876
sectors_per_cluster: 0
bytes_per_sector: 0
root_path: D:\
total_number_of_clusters: 786848
0 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 8455898601247790068
free_bytes_available: 3703221197
root_path: D:\
total_number_of_bytes: 8589116456564686848
0 0

GetDiskFreeSpaceW

number_of_free_clusters: 1627412
sectors_per_cluster: 0
bytes_per_sector: 0
root_path: D:\
total_number_of_clusters: 786848
0 0
file C:\Users\test22\AppData\Local\Temp\GLJ8D0E.tmp
file C:\Users\test22\AppData\Local\Temp\GLK8F13.tmp
file C:\Users\test22\AppData\Local\Temp\GLC8CFD.tmp
host 185.157.162.137
Vendor Detection
Lionic Trojan.Win32.Generic.4!c
DrWeb BACKDOOR.Trojan
MicroWorld-eScan Trojan.GenericKD.38172383
McAfee Artemis!6C53F542FB4B
Cylance Unsafe
K7AntiVirus Trojan ( 700000111 )
K7GW Trojan ( 700000111 )
Arcabit Trojan.Generic.D24676DF
Cyren W32/AutoIt.NA.gen!Eldorado
Elastic malicious (moderate confidence)
BitDefender Trojan.GenericKD.38172383
Sophos Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.GenericKD.38172383
Emsisoft Trojan.GenericKD.38172383 (B)
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Program:Win32/Wacapew.C!ml
GData Trojan.GenericKD.38172383
ALYac Trojan.GenericKD.38172383
Malwarebytes Malware.AI.333051031
MAX malware (ai score=82)
MaxSecure Trojan.Malware.139048151.susgen
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Avast Win32:Malware-gen