popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Bginfo.exe

Emotet Generic Malware Malicious Library UPX Malicious Packer PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Feb. 13, 2023, 4:54 p.m. Feb. 13, 2023, 4:56 p.m.
Size 2.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3aef228fb7ee187160482084d36c9726
SHA256 c885df88693496d5c28ad16a1ecde259e191f54ad76428857742af843b846c53
CRC32 4C620BFD
ssdeep 49152:f0eL6aJyxz8eGSfmOifv0LkifQvl9Hu1QEBWfzbnWKNSq:seLWz8TSfmxfv05Qvl9Hu1fBWfzbnWs
PDB Path D:\a\1\s\Win32\Release\BGInfo.pdb
Yara
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
pdb_path D:\a\1\s\Win32\Release\BGInfo.pdb
resource name RTF
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72bc2000
process_handle: 0xffffffff
1 0 0
description Bginfo.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds