Summary | ZeroBOX

mp3studios_97.exe

Tags: Trojan_PWS_Stealer, Credential User Data, Generic Malware, SQLite Cookie, Malicious Library, UPX, Malicious Packer, Anti_VM, PWS, PNG Format, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Dec. 30, 2022, 6:19 p.m.
Completed: Dec. 30, 2022, 6:26 p.m.
Size: 1.4MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: d8f7df6881eb9eab54bd9faedf6701e3
SHA256: 99cc6bf906eabe0db853fe2b6e73383610b3cc40212e2fe6fad577b275b724dc
CRC32: E6051D9D
ssdeep: 24576:9JSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjaNUqBPmn:9up62ESMTjTPjaCqxU
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • Credential_User_Data_Check_Zero - Credential User Data Check
  • SQLite_cookies_Check_Zero - SQLite Cookie Check... select
  • PE_Header_Zero - PE File Signature
  • Trojan_PWS_Stealer_1_Zero - Trojan.PWS.Stealer Zero
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file

IP Address Status Action
148.251.234.83 Active Moloch
149.28.253.196 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW
  computer_name: TEST22-PC
  status/return/repeated: 1 1 0

GetComputerNameW
  computer_name: TEST22-PC
  status/return/repeated: 1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent
  status/return/repeated: 0 0
  (this identical call is logged 24 times in the report)
Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: ERROR: The process "chrome.exe" not found.
  console_handle: 0x0000000b
  status/return/repeated: 1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
file C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
section .ohjbrvo
resource name ZIP
Time & API Arguments Status Return Repeated

__exception__
  stacktrace:
    0x190004
    0x30 (repeated 63 times)
  exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 fc 76
  exception.instruction: call qword ptr [rip + 0x91f16]
  exception.exception_code: 0xc0000005
  exception.symbol:
  exception.address: 0x190004
  registers.r14: 253030616
  registers.r15: 52994304
  registers.rcx: 676
  registers.rsi: 17302540
  registers.r10: 0
  registers.rbx: 253029872
  registers.rsp: 253029592
  registers.r11: 253033488
  registers.r8: 2004779404
  registers.r9: 0
  registers.rdx: 1400
  registers.r12: 253030232
  registers.rbp: 253029728
  registers.rdi: 85741920
  registers.rax: 1638400
  registers.r13: 85794880
  status/return/repeated: 1 0 0
request GET https://www.icodeps.com/
Application Crash Process chrome.exe with pid 2340 crashed
Time & API Arguments Status Return Repeated

__exception__
  stacktrace:
    0x190004
    0x30 (repeated 63 times)
  exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 fc 76
  exception.instruction: call qword ptr [rip + 0x91f16]
  exception.exception_code: 0xc0000005
  exception.symbol:
  exception.address: 0x190004
  registers.r14: 253030616
  registers.r15: 52994304
  registers.rcx: 676
  registers.rsi: 17302540
  registers.r10: 0
  registers.rbx: 253029872
  registers.rsp: 253029592
  registers.r11: 253033488
  registers.r8: 2004779404
  registers.r9: 0
  registers.rdx: 1400
  registers.r12: 253030232
  registers.rbp: 253029728
  registers.rdi: 85741920
  registers.rax: 1638400
  registers.r13: 85794880
  status/return/repeated: 1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6d6ee087-83b9-457c-ba1a-b1d6a2b9bc20.dmp
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Preferences
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63AF2263-924.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 1\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
name: ZIP
  language: LANG_CHINESE
  sublanguage: SUBLANG_CHINESE_SIMPLIFIED
  filetype: Zip archive data, at least v1.0 to extract
  offset: 0x0015fb50
  size: 0x0000c34d

name: RT_ICON
  language: LANG_CHINESE
  sublanguage: SUBLANG_CHINESE_SIMPLIFIED
  filetype: dBase III DBT, version number 0, next free block index 40
  offset: 0x0014f180
  size: 0x00010828

name: RT_GROUP_ICON
  language: LANG_CHINESE
  sublanguage: SUBLANG_CHINESE_SIMPLIFIED
  filetype: data
  offset: 0x0015f9a8
  size: 0x00000014

name: RT_VERSION
  language: LANG_CHINESE
  sublanguage: SUBLANG_CHINESE_SIMPLIFIED
  filetype: PGP symmetric key encrypted data - Plaintext or unencrypted data
  offset: 0x0015f9c0
  size: 0x0000018c
file C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js
file C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js
file C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js
file C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js
file C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js
file C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js
cmdline cmd.exe /c taskkill /f /im chrome.exe
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW (17 calls; each has an empty system_name and status/return/repeated 1 1 0)
  privilege_name: SeCreateTokenPrivilege
  privilege_name: SeAssignPrimaryTokenPrivilege
  privilege_name: SeMachineAccountPrivilege
  privilege_name: SeTcbPrivilege
  privilege_name: SeSecurityPrivilege
  privilege_name: SeTakeOwnershipPrivilege
  privilege_name: SeLoadDriverPrivilege
  privilege_name: SeBackupPrivilege
  privilege_name: SeRestorePrivilege
  privilege_name: SeShutdownPrivilege
  privilege_name: SeDebugPrivilege
  privilege_name: SeRemoteShutdownPrivilege
  privilege_name: SeEnableDelegationPrivilege
  privilege_name: SeManageVolumePrivilege
  privilege_name: SeCreateGlobalPrivilege
  privilege_name: SeTrustedCredManAccessPrivilege
  privilege_name: SeDebugPrivilege
Time & API Arguments Status Return Repeated

RegOpenKeyExW
  regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000001  key_handle: 0x00000000  options: 0  access: 0x00000001
  status/return/repeated: 2 0

RegOpenKeyExW
  regkey: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000001  key_handle: 0x00000000  options: 0  access: 0x00000001
  status/return/repeated: 2 0

RegOpenKeyExW
  regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000002  key_handle: 0x000004e4  options: 0  access: 0x00000001
  status/return/repeated: 1 0 0

RegOpenKeyExW
  regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000002  key_handle: 0x000004e4  options: 0  access: 0x00000001
  status/return/repeated: 1 0 0

RegOpenKeyExW
  regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000001  key_handle: 0x00000000  options: 0  access: 0x00000001
  status/return/repeated: 2 0

RegOpenKeyExW
  regkey: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000001  key_handle: 0x00000000  options: 0  access: 0x00000001
  status/return/repeated: 2 0

RegOpenKeyExW
  regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
  base_handle: 0x80000002  key_handle: 0x00000524  options: 0  access: 0x00000001
  status/return/repeated: 1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess
  status_code: 0xc0000005
  process_identifier: 2340
  process_handle: 0x00000000000000bc
  status/return/repeated: 0 0

NtTerminateProcess
  status_code: 0xc0000005
  process_identifier: 2340
  process_handle: 0x00000000000000bc
  status/return/repeated: 1 0 0
cmdline taskkill /f /im chrome.exe
cmdline cmd.exe /c taskkill /f /im chrome.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,15043868689173229761,13056674623071201329,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1036 /prefetch:2
Process injection Process 2388 resumed a thread in remote process 2340
Time & API Arguments Status Return Repeated

NtResumeThread
  thread_handle: 0x0000000000000118
  suspend_count: 2
  process_identifier: 2340
  status/return/repeated: 1 0 0
  (this identical call is logged 23 times in the report)
Antivirus detections (vendor, result)

Bkav W32.BadrTikserV.Trojan
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.d8f7df6881eb9eab
CAT-QuickHeal PUA.GenericRI.S23474139
McAfee GenericRXSB-FG!D8F7DF6881EB
VIPRE Trojan.GenericKDZ.93875
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
K7GW Spyware ( 005690661 )
K7AntiVirus Spyware ( 005690661 )
Arcabit Trojan.Generic.D16EB3
VirIT Trojan.Win32.Genus.LKW
Cyren W32/Socelars.M.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Spy.Agent.PYV
APEX Malicious
Kaspersky HEUR:Trojan.Script.FBStealer.gen
BitDefender Trojan.GenericKDZ.93875
SUPERAntiSpyware Trojan.Agent/Gen-SpyStealer
MicroWorld-eScan Trojan.GenericKDZ.93875
Avast Win32:PWSX-gen [Trj]
Tencent Adware.Win32.Extinstaller.b
Ad-Aware Trojan.GenericKDZ.93875
TACHYON Trojan/W32.FBStealer.1494016.C
Emsisoft Trojan-Spy.Agent (A)
DrWeb Trojan.Siggen17.50710
Zillya Trojan.Agent.Win32.3088749
McAfee-GW-Edition BehavesLike.Win32.Generic.th
Trapmine malicious.high.ml.score
Sophos Troj/Socelars-A
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Disbuk.dj
Avira JS/SpyBanker.G2
Antiy-AVL Trojan/Win32.RedLineStealer
Microsoft Trojan:Win32/RedLineStealer.RT!MTB
GData Win32.Trojan.PSE.1XYZ9KF
Google Detected
AhnLab-V3 Trojan/Win.Socelars.R523153
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.36158.BD0@aOMvRRij
ALYac Trojan.GenericKDZ.93875
MAX malware (ai score=84)
VBA32 BScope.Trojan.Agentb
Malwarebytes Spyware.Socelars
Rising Stealer.FBAdsCard!1.CE03 (CLASSIC)
Yandex TrojanSpy.Agent!EfXMZhOQIc0
Ikarus Trojan-Spy.Agent
MaxSecure Trojan.Malware.121218.susgen