Summary | ZeroBOX

Firefox1.exe

Tags: Malicious Library, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: March 23, 2023, 1:01 p.m.
Completed: March 23, 2023, 1:25 p.m.
Size: 52.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 77d8ff584c4a6be6e927107aa7aa813b
SHA256: d8163bf2b105cf122924ad6d1e0e03331bbf8e9f4b8f81688f210d825587c141
CRC32: 4D90DE7D
ssdeep: 384:SGdNcvxQvum6teBIUaHe7+j2Hk94IdcbQuqTZRUJM4AgRFgYjPlJf7jXOuoBqz6d:SacvKbBz7+pdOM3TCqNWPvfv+VNEtQ5
PDB Path: c:\Users\Administrator\Desktop\316.5\shellcodeloder\release\shellcodeloder.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address   Status   Action
1.12.242.71  Active   Moloch

Suricata Alerts

Flow: TCP 192.168.56.103:49161 -> 1.12.242.71:9999
SID: 2260003
Signature: SURICATA Applayer Protocol detection skipped
Category: Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

pdb_path: c:\Users\Administrator\Desktop\316.5\shellcodeloder\release\shellcodeloder.pdb

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx
Arguments: (none recorded)
Status: 1  Return: 1  Repeated: 0
NtAllocateVirtualMemory
process_identifier: 2056
region_size: 315392
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00430000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 1355776
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10001000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 286720
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x1014c000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
GetDiskFreeSpaceExW
total_number_of_free_bytes: 9934143488
free_bytes_available: 9934143488
root_path: C:\
total_number_of_bytes: 34252779520
Status: 1  Return: 1  Repeated: 0
Process32NextW
snapshot_handle: 0x00000258
process_name: pw.exe
process_identifier: 2076
Status / Return: 0 0
(this call is logged ten times in the report with identical arguments and result)
Host: 1.12.242.71

Antivirus engine  Result
Lionic Trojan.Win32.Zenpak.4!c
DrWeb Trojan.DownLoader7.33859
MicroWorld-eScan Gen:Variant.Zusy.452794
ALYac Gen:Variant.Zusy.452794
Malwarebytes Malware.AI.3996680019
VIPRE Gen:Variant.Zusy.452794
Sangfor Trojan.Win32.Rozena.Viyf
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Zenpak.591409bc
K7GW Trojan ( 005a0fae1 )
K7AntiVirus Trojan ( 005a0fae1 )
Arcabit Trojan.Zusy.D6E8BA
BitDefenderTheta Gen:NN.ZexaF.36344.dqW@ayveWhoi
VirIT Trojan.Win32.Genus.OQP
Cyren W32/ABRisk.DEET-1671
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/Rozena.BQM
Cynet Malicious (score: 99)
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
BitDefender Gen:Variant.Zusy.452794
NANO-Antivirus Virus.Win32.Gen.ccmw
Avast Win32:Trojan-gen
Tencent Win32.Trojan.Zenpak.Yimw
TrendMicro TROJ_GEN.R002C0DCM23
McAfee-GW-Edition Artemis!Trojan
FireEye Gen:Variant.Zusy.452794
Emsisoft Gen:Variant.Zusy.452794 (B)
Jiangmin Trojan/Generic.alimm
Avira TR/Rozena.aexkw
MAX malware (ai score=84)
Antiy-AVL Trojan/Win32.Rozena
Gridinsoft Trojan.Win32.Downloader.sa
Microsoft Trojan:Win32/Rozena.RK!MTB
ViRobot Trojan.Win.Z.Zusy.53248.U
GData Gen:Variant.Zusy.452794
Google Detected
McAfee Artemis!77D8FF584C4A
VBA32 BScope.Trojan.Zenpak
TrendMicro-HouseCall TROJ_GEN.R002C0DCM23
Rising Trojan.Generic@AI.84 (RDML:pi7A+OY26Z4YlhNMNuFxMQ)
Ikarus Worm.Win32.Slenfbot
Fortinet W32/Rozena.BQM!tr
AVG Win32:Trojan-gen
Panda Trj/Chgt.AC