Summary | ZeroBOX

umciavi32.exe

Gen1, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Jan. 9, 2023, 10:18 a.m.
Completed Jan. 9, 2023, 10:22 a.m.
Size 984.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e5649ab2c67d8468c964cb286c6624be
SHA256 f8dc099b9264dcaad70392cf8f4a5dd7974a4d7f61351850c799a471716c2693
CRC32 14294280
ssdeep 3072:FijyPvu6WE9KiZIvVKjK22+eZKkk7pSKCoKWWMb633LoYSmZAzUNe5v45L1rFx01:F3Xuk9KX1gCoKWdbSBKzUQa5dfl+
PDB Path C:\vetoson geforeco jamogo\hepeka\dateg peca.pdb
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\vetoson geforeco jamogo\hepeka\dateg peca.pdb
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: da af d7 33 1d bd 55 0e 34 6f ad bc f6 40 a3 d4
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x9307d8
registers.esp: 12188824
registers.edi: 0
registers.eax: 1968963655
registers.ebp: 12188832
registers.edx: 866192352
registers.ebx: 4980736
registers.esi: 0
registers.ecx: 0
status: 1 return: 0 repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00890000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00930000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 1073745920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02450000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00931000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.Zard.52
FireEye Generic.mg.e5649ab2c67d8468
McAfee Artemis!E5649AB2C67D
Cylance Unsafe
VIPRE Gen:Heur.Mint.Zard.52
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Mint.Zard.52
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HSFT
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Heur.Mint.Zard.52
Avast Win32:Malware-gen
Tencent Win32.Trojan.Agent.Qcnw
Ad-Aware Gen:Heur.Mint.Zard.52
Sophos Mal/Generic-S
Comodo Malware@#2dcbka4402duo
F-Secure Trojan.TR/Agent_AGen.ukfkj
McAfee-GW-Edition Artemis!Trojan
Emsisoft Gen:Heur.Mint.Zard.52 (B)
Webroot W32.Malware.Gen
Avira TR/Agent_AGen.ukfkj
Antiy-AVL Trojan/Win32.Sabsik
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Heur.Mint.Zard.52
Acronis suspicious
ALYac Gen:Heur.Mint.Zard.52
MAX malware (ai score=88)
Malwarebytes Malware.AI.3899848454
TrendMicro-HouseCall TROJ_GEN.R002H09A623
Rising Trojan.Agent!8.B1E (TFE:5:R3j74E4UtVU)
AVG Win32:Malware-gen