Summary | ZeroBOX

111.exe

Tags: Malicious Library, PE32, PE File

Category FILE
Machine s1_win7_x6401
Started March 17, 2023, 9:39 a.m.
Completed March 17, 2023, 10:08 a.m.
Size 48.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6e5c1da79c9bdb532b062567460b4f1d
SHA256 28a7dbd97cb25d923a80ebba8f856b9eb55664e419a4dc5ff17ced1e2726fb05
CRC32 7FB080B2
ssdeep 768:lPaX1h9m+6NB7kUTI3TwHm3WPeFn+vNEtQ2:la3m+Q7kU00HoWPeAetL
PDB Path c:\Users\Administrator\Desktop\333\shellcodeloder\release\shellcodeloder.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

DNS requests (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status)
43.154.215.120 Active

Suricata Alerts

Flow: TCP 192.168.56.101:49161 -> 43.154.215.120:9999
SID: 2260003
Signature: SURICATA Applayer Protocol detection skipped
Category: Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

pdb_path c:\Users\Administrator\Desktop\333\shellcodeloder\release\shellcodeloder.pdb
Behaviour (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx
status: 1  return: 1  repeated: 0
NtAllocateVirtualMemory

process_identifier: 2552
region_size: 315392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00490000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 1355776
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10001000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 286720
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x1014c000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0
GetDiskFreeSpaceExW

total_number_of_free_bytes: 13323640832
free_bytes_available: 13323640832
root_path: C:\
total_number_of_bytes: 34252779520
status: 1  return: 1  repeated: 0
Process32NextW (this identical record appears 10 times in the report)

snapshot_handle: 0x00000258
process_name: 111.exe
process_identifier: 2552
status: 0  return: 0
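The behaviour tables above are the whole case against this sample: one committed PAGE_EXECUTE_READWRITE allocation, two existing regions flipped to RWX, a handful of machine-sizing calls (GlobalMemoryStatusEx, GetDiskFreeSpaceExW), a walk of the process list, and a single TCP flow to port 9999 on which Suricata could not identify any application protocol. Two details are worth reading off the raw arguments: every memory call passes process_handle 0xffffffff, the 32-bit NtCurrentProcess pseudo-handle, so the loader is writing into its own address space rather than injecting into another process; and 0x10000000 is the classic MSVC default image base for a non-system DLL, so the two NtProtectVirtualMemory calls at 0x10001000 and 0x1014c000 are consistent with the sample relaxing the page protections of a DLL image it has mapped (the report does not show which). The script below is an added example, not code from the report, from ZeroBOX or from the sample: it re-derives those findings from a hand-constructed copy of the trace records shown on this page, scores them, and flags the unclassified flow. The record field names, the FINGERPRINT_APIS and WELL_KNOWN_PORTS sets, and the weights are this example's own assumptions, not ZeroBOX's signature logic.

```python
"""Triage of a ZeroBOX-style API trace for shellcode-loader behaviour.

Added example; not code from the report, from ZeroBOX or from the sample. The
TRACE and FLOWS records are constructed by hand from values visible in the
report. Field names, FINGERPRINT_APIS, WELL_KNOWN_PORTS and WEIGHTS are this
example's own assumptions, not ZeroBOX's signature logic.
"""
from collections import Counter

PAGE_EXECUTE_READWRITE = 0x40      # "protection: 64" in the report
MEM_COMMIT = 0x1000                # part of "allocation_type: 12288"
NT_CURRENT_PROCESS = 0xFFFFFFFF    # 32-bit pseudo-handle -1: the caller itself

# Benign on their own; together with RWX memory they read as sandbox checks
# and process-list inspection (assumed set).
FINGERPRINT_APIS = {"GlobalMemoryStatusEx", "GetDiskFreeSpaceExW", "Process32NextW"}
WELL_KNOWN_PORTS = {22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 8080}  # assumed
WEIGHTS = {"rwx_alloc": 3, "rwx_protect": 2, "self_injection": 1,
           "environment_fingerprinting": 1, "unclassified_flow": 3}   # assumed

# Constructed from the report's behaviour tables (PID 2552).
TRACE = [
    {"api": "GlobalMemoryStatusEx", "args": {}},
    {"api": "NtAllocateVirtualMemory", "args": {
        "process_identifier": 2552, "region_size": 315392, "protection": 64,
        "base_address": 0x00490000, "allocation_type": 12288,
        "process_handle": 0xFFFFFFFF}},
    {"api": "NtProtectVirtualMemory", "args": {
        "process_identifier": 2552, "length": 1355776, "protection": 64,
        "base_address": 0x10001000, "process_handle": 0xFFFFFFFF}},
    {"api": "NtProtectVirtualMemory", "args": {
        "process_identifier": 2552, "length": 286720, "protection": 64,
        "base_address": 0x1014C000, "process_handle": 0xFFFFFFFF}},
    {"api": "GetDiskFreeSpaceExW", "args": {
        "root_path": "C:\\", "total_number_of_bytes": 34252779520,
        "free_bytes_available": 13323640832}},
] + [{"api": "Process32NextW", "args": {
        "snapshot_handle": 0x258, "process_name": "111.exe",
        "process_identifier": 2552}}] * 10

# Constructed from the report's Suricata alert.
FLOWS = [{"proto": "TCP", "src": "192.168.56.101:49161",
          "dst": "43.154.215.120:9999", "sid": 2260003,
          "msg": "SURICATA Applayer Protocol detection skipped"}]


def rwx_allocations(trace):
    """(base, size) of every committed allocation requested as RWX."""
    return [(c["args"]["base_address"], c["args"]["region_size"])
            for c in trace if c["api"] == "NtAllocateVirtualMemory"
            and c["args"]["protection"] & PAGE_EXECUTE_READWRITE
            and c["args"]["allocation_type"] & MEM_COMMIT]


def rwx_protect_changes(trace):
    """(base, length) of every existing region flipped to RWX."""
    return [(c["args"]["base_address"], c["args"]["length"])
            for c in trace if c["api"] == "NtProtectVirtualMemory"
            and c["args"]["protection"] & PAGE_EXECUTE_READWRITE]


def injects_into_other_process(trace):
    """True if any memory call names a handle other than the caller's own."""
    return any(c["args"]["process_handle"] != NT_CURRENT_PROCESS
               for c in trace if "process_handle" in c["args"])


def fingerprint_counts(trace):
    """How often each environment-probing API was called."""
    return Counter(c["api"] for c in trace if c["api"] in FINGERPRINT_APIS)


def suspicious_flows(flows):
    """Flows to non-standard ports whose protocol Suricata did not identify."""
    return [f for f in flows
            if int(f["dst"].rsplit(":", 1)[1]) not in WELL_KNOWN_PORTS
            and "Protocol detection skipped" in f["msg"]]


def triage(trace, flows):
    """Combine the checks into an ordered findings list and a score."""
    findings = []
    allocs, changes = rwx_allocations(trace), rwx_protect_changes(trace)
    if allocs:
        findings.append(("rwx_alloc", allocs))
    if changes:
        findings.append(("rwx_protect", changes))
    if (allocs or changes) and not injects_into_other_process(trace):
        findings.append(("self_injection", "memory calls use NtCurrentProcess"))
    probes = fingerprint_counts(trace)
    if probes:
        findings.append(("environment_fingerprinting", dict(probes)))
    bad = suspicious_flows(flows)
    if bad:
        findings.append(("unclassified_flow", [f["dst"] for f in bad]))
    return {"score": sum(WEIGHTS[k] for k, _ in findings), "findings": findings}


if __name__ == "__main__":
    result = triage(TRACE, FLOWS)
    for key, detail in result["findings"]:
        print(f"{key}: {detail}")
    print("score:", result["score"])
```

Two caveats when reusing this on other reports. An RWX allocation by itself is also what JIT engines and many packers do, which is why the score leans on the combination (RWX memory plus environment probing plus a flow Suricata could not classify) rather than on any single call. And "Applayer Protocol detection skipped" on port 9999 only says that no recognisable application layer was seen; the report records one flow and no payload signature, so it is an indicator of a raw beacon or reverse shell, not proof of one.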
host 43.154.215.120
Lionic Trojan.Win32.Zenpak.4!c
DrWeb Trojan.DownLoader7.33859
MicroWorld-eScan Gen:Variant.Zusy.452794
McAfee Artemis!6E5C1DA79C9B
Malwarebytes Malware.AI.2726754131
Sangfor Trojan.Win32.Zusy.V6m6
Alibaba Trojan:Win32/Zenpak.0d128450
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Zusy.D6E8BA
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Rozena.BQM
Cynet Malicious (score: 99)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
BitDefender Gen:Variant.Zusy.452794
NANO-Antivirus Virus.Win32.Gen.ccmw
Avast Win32:Malware-gen
Tencent Win32.Trojan.Zenpak.Ktgl
VIPRE Gen:Variant.Zusy.452794
McAfee-GW-Edition Artemis!Trojan
FireEye Gen:Variant.Zusy.452794
Emsisoft Gen:Variant.Zusy.452794 (B)
Ikarus Worm.Win32.Slenfbot
Jiangmin Trojan/Generic.alimm
Avira TR/Zenpak.hsuud
Antiy-AVL Trojan/Win32.Zenpak
Gridinsoft Trojan.Win32.Downloader.sa
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Trojan.Win.Z.Zusy.49152.B
GData Gen:Variant.Zusy.452794
Google Detected
AhnLab-V3 Trojan/Win.Generic.R562460
ALYac Gen:Variant.Zusy.452794
MAX malware (ai score=85)
TrendMicro-HouseCall TROJ_GEN.R002H0CCF23
Rising Trojan.Rozena!8.6D (CLOUD)
Fortinet W32/Rozena.BQM!tr
AVG Win32:Malware-gen