Summary | ZeroBOX

Setupdark.exe

EnigmaProtector, UPX, Malicious Packer, Malicious Library, PE64, PE File
Category: FILE
Machine: s1_win7_x6401
Started: March 17, 2023, 9:42 a.m.
Completed: March 17, 2023, 9:47 a.m.
Size: 3.7MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: d4fc8415802d26f5902a925dafa09f95
SHA256: b5c72a18578c6cc7007b6c7738fa9f72b57ecaf26be44964af3947f7f2b5422f
CRC32: 3CE6060F
ssdeep: 98304:GUwJ6Lv3608hjXk/o58364xowyoYLDVEjIHpnzwu7GsD:CSv61hjXk/W8364xowMqcnzwuCg
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

WriteConsoleW
  buffer: The system cannot find the path specified.
  console_handle: 0x000000000000000b
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: C:\Users\test22\AppData\Local\Temp>
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: del
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: "C:\Users\test22\AppData\Local\Temp\Setupdark.exe"
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: C:\Users\test22\AppData\Local\Temp>
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: if
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: exist "C:\Users\test22\AppData\Local\Temp\Setupdark.exe"
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: goto
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: Repeat
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: C:\Users\test22\AppData\Local\Temp>
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: del
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: "C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd"
  console_handle: 0x0000000000000007
  status: 1, return: 1, repeated: 0

WriteConsoleW
  buffer: The batch file cannot be found.
  console_handle: 0x000000000000000b
  status: 1, return: 1, repeated: 0
Time & API / Arguments / Status / Return / Repeated

GlobalMemoryStatusEx
  status: 1, return: 1, repeated: 0
Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory
  process_identifier: 2548
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000000007304c000
  process_handle: 0xffffffffffffffff
  status: 1, return: 0, repeated: 0
Time & API / Arguments / Status / Return / Repeated

GetDiskFreeSpaceExW
  total_number_of_free_bytes: 0
  free_bytes_available: 13319299072
  root_path: C:\Users\test22\AppData\Local\Temp\7zSFX
  total_number_of_bytes: 0
  status: 1, return: 1, repeated: 0
file: C:\Users\test22\AppData\Local\Temp\7zSFX\KillDuplicate.cmd
file: C:\Users\test22\AppData\Local\Temp\7zSFX\installer.exe
file: C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd
cmdline: "C:\Windows\System32\cmd.exe" /c ""C:\Users\test22\AppData\Local\Temp\7zSFX\KillDuplicate.cmd" "C:\Users\test22\AppData\Local\Temp\7zSFX" "Setupdark.exe""
Time & API / Arguments / Status / Return / Repeated

ShellExecuteExW
  show_type: 0
  filepath_r: cmd
  parameters: /c ""C:\Users\test22\AppData\Local\Temp\7zSFX\KillDuplicate.cmd" "C:\Users\test22\AppData\Local\Temp\7zSFX" "Setupdark.exe""
  filepath: cmd
  status: 1, return: 1, repeated: 0

ShellExecuteExW
  show_type: 0
  filepath_r: C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd
  parameters: (empty)
  filepath: C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd
  status: 1, return: 1, repeated: 0
section UPX1 (size_of_data: 0x00015c00, virtual_address: 0x00027000, virtual_size: 0x00016000, entropy: 7.912547152349569), description: A section with a high entropy has been found
entropy 0.816901408451, description: Overall entropy of this PE file is high
section UPX0, description: Section name indicates UPX
section UPX1, description: Section name indicates UPX
file: C:\Users\test22\AppData\Local\Temp\7zSFX\installer.exe
file: C:\Users\test22\AppData\Local\Temp\7zSFX\installer.exe
file: C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd
Lionic: Trojan.Win32.Bsymem.4!c
MicroWorld-eScan: Trojan.GenericKD.65962425
ClamAV: Win.Malware.Misc-9963874-0
FireEye: Trojan.GenericKD.65962425
Malwarebytes: Malware.AI.4261796574
CrowdStrike: win/grayware_confidence_70% (D)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/Packed.Enigma.BV
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.Bsymem.akff
BitDefender: Trojan.GenericKD.65962425
NANO-Antivirus: Virus.Win64.Virut-Gen.bwpxnc
Avast: FileRepMalware [Misc]
Sophos: Generic ML PUA (PUA)
DrWeb: Trojan.Inject4.54573
McAfee-GW-Edition: Artemis!Virus
Emsisoft: Trojan.GenericKD.65962425 (B)
SentinelOne: Static AI - Suspicious SFX
Antiy-AVL: HackTool/Win32.DefenderControl
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: UDS:Trojan.Win32.Bsymem.akff
GData: Trojan.GenericKD.65962425
Google: Detected
McAfee: Artemis!D4FC8415802D
MAX: malware (ai score=88)
Ikarus: Worm.Win32.Fujack.o
Fortinet: W32/PossibleThreat
AVG: FileRepMalware [Misc]