Summary | ZeroBOX

white.exe

Tags: NPKI, Malicious Packer, UPX, PE32, PE File

Category  Machine        Started                    Completed
FILE      s1_win7_x6401  March 31, 2023, 4:32 p.m.  March 31, 2023, 4:33 p.m.
Size    2.6MB
Type    PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5     89a133e7158e8bb6e2614a7c9bd7ff5d
SHA256  b974225598477c7a4692e46cb12da74272a55f762f4e4b2539ce43ea5d502b61
CRC32   EB6034A9
ssdeep  24576:IBHp0AVAyuFvrOaq7Dk17o3SFGAcRbNft7+xElgjRcDJLX2FmI7oyO:IBHSQkFSDk1E+GtJNft7WjjRcVLT
Yara
  • UPX_Zero - UPX packed file
  • NPKI_Zero - File included NPKI
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
79.137.206.15  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API        Arguments                 Status  Return  Repeated
GetComputerNameA  computer_name: TEST22-PC  1       1       0

suspicious_features: POST method with no referer header, POST method with no useragent header, Connection to IP address
suspicious_request: POST http://79.137.206.15/385785d59336a866.php
request: POST http://79.137.206.15/385785d59336a866.php
request: POST http://79.137.206.15/385785d59336a866.php
Time & API               Arguments                                       Status  Return  Repeated
NtAllocateVirtualMemory  process_identifier: 2560                        1       0       0
                         region_size: 2260992
                         stack_dep_bypass: 0
                         stack_pivoted: 0
                         heap_dep_bypass: 0
                         protection: 64 (PAGE_EXECUTE_READWRITE)
                         base_address: 0x290f0000
                         allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
                         process_handle: 0xffffffff

NtProtectVirtualMemory   process_identifier: 2560                        1       0       0
                         stack_dep_bypass: 0
                         stack_pivoted: 0
                         heap_dep_bypass: 0
                         length: 4096
                         protection: 64 (PAGE_EXECUTE_READWRITE)
                         base_address: 0x76f2f000
                         process_handle: 0xffffffff
Host  79.137.206.15
Antivirus          Detection
MicroWorld-eScan   Trojan.GenericKD.66166762
Malwarebytes       Spyware.Stealc
Arcabit            Trojan.Generic.D3F19FEA
Symantec           ML.Attribute.HighConfidence
Elastic            malicious (moderate confidence)
ESET-NOD32         a variant of Win32/Kryptik.HTEZ
Cynet              Malicious (score: 99)
Kaspersky          HEUR:Trojan-PSW.Win32.Stealerc.gen
BitDefender        Trojan.GenericKD.66166762
Avast              Win32:PWSX-gen [Trj]
Emsisoft           Trojan.GenericKD.66166679 (B)
F-Secure           Trojan.TR/AD.Stealc.juiav
DrWeb              BackDoor.Spy.3903
McAfee-GW-Edition  Artemis!Trojan
FireEye            Generic.mg.89a133e7158e8bb6
Sophos             Mal/Generic-S
Webroot            W32.Trojan.Gen
Avira              TR/AD.Stealc.juiav
Gridinsoft         Malware.Win32.Gen.bot
Microsoft          TrojanDownloader:Win32/Tnega!MSR
ZoneAlarm          HEUR:Trojan-PSW.Win32.Stealerc.gen
GData              Win32.Trojan-Stealer.StealC.FPWUAG
Google             Detected
McAfee             Artemis!89A133E7158E
MAX                malware (ai score=85)
Rising             Stealer.Stealerc!8.17BE0 (CLOUD)
Ikarus             Trojan.Win32.Agent
Fortinet           W32/Agent_AGen.APD!tr
BitDefenderTheta   Gen:NN.ZexaF.36344.PM2@a4wjBpYT
AVG                Win32:PWSX-gen [Trj]