popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

AllmakeString2.exe

Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Dec. 15, 2022, 3:53 p.m. Dec. 15, 2022, 3:55 p.m.
Size 390.0KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 5b7db76369cfda2450af6bebdc62ff15
SHA256 5d7c25df48dac73698ae455a3d98ea38c2502edf862a47dc6db9a177147db453
CRC32 0632BE64
ssdeep 6144:6vem+wL6FRT/7OXCiXhk5lTLY0psWJkdXVKAlHW:cd+wL6FPiXhk7/YGJkdXws
PDB Path E:\work\提权\Exp\x64\Release\ExploitTest.pdb
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path E:\work\提权\Exp\x64\Release\ExploitTest.pdb
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
allmakestring2+0x3c80 @ 0x13f2d3c80
allmakestring2+0x4769 @ 0x13f2d4769
allmakestring2+0x468e @ 0x13f2d468e
allmakestring2+0x454e @ 0x13f2d454e
allmakestring2+0x47de @ 0x13f2d47de
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 43 0f b7 44 51 02 66 42 3b 44 51 02 75 1a 49 83
exception.symbol: allmakestring2+0x3c80
exception.instruction: movzx eax, word ptr [r9 + r10*2 + 2]
exception.module: AllmakeString2.exe
exception.exception_code: 0xc0000005
exception.offset: 15488
exception.address: 0x13f2d3c80
registers.r14: 0
registers.r15: 0
registers.rcx: 5355253448
registers.rsi: 0
registers.r10: -1
registers.rbx: 0
registers.rsp: 1439728
registers.r11: 1
registers.r8: -1
registers.r9: 0
registers.rdx: 2084912
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1
registers.r13: 0
1 0 0
Lionic Hacktool.Win64.CVE-2018-8120.3!c
Elastic malicious (high confidence)
DrWeb Exploit.CVE-2019-0808.1
MicroWorld-eScan Trojan.GenericKD.36891454
CAT-QuickHeal Trojan.Win64
ALYac Trojan.GenericKD.36891454
Cylance Unsafe
Zillya Exploit.CVE20190808.Win64.6
K7AntiVirus Trojan ( 0057c5d11 )
Alibaba Exploit:Win32/Consoler.333a10cb
K7GW Trojan ( 0057c5d11 )
Arcabit Trojan.Generic.D232EB3E
Cyren W64/Trojan.ABHV-4635
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/Exploit.CVE-2019-0808.B
APEX Malicious
Kaspersky HEUR:Exploit.Win64.CVE-2018-8120.gen
BitDefender Trojan.GenericKD.36891454
NANO-Antivirus Exploit.Win64.CVE20190808.ivmwnk
Avast Win32:CVE-2019-1458-G [Expl]
Ad-Aware Trojan.GenericKD.36891454
Emsisoft Trojan.GenericKD.36891454 (B)
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DED21
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.GenericKD.36891454
Sophos Troj/Agent-BHAZ
Ikarus Exploit.CVE-2019-0808
Avira EXP/CVE-2018-8120.csjup
Gridinsoft Trojan.Win64.Downloader.sa
Microsoft Exploit:Win32/Consoler.B!dha
GData Trojan.GenericKD.36891454
Cynet Malicious (score: 100)
McAfee Artemis!5B7DB76369CF
MAX malware (ai score=87)
VBA32 Exploit.Win64.CVE-2018-8120
TrendMicro-HouseCall TROJ_GEN.R002C0DED21
Rising Exploit.CVE-2019-0808!8.113DD (CLOUD)
MaxSecure Trojan.Malware.73681419.susgen
Fortinet W64/CVE20211732.D!exploit
AVG Win32:CVE-2019-1458-G [Expl]
Panda Trj/CI.A