popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

setup.exe

Suspicious_Script_Bin Malicious Library UPX PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us June 14, 2023, 5:39 p.m. June 14, 2023, 5:43 p.m.
Size 49.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 ca29125444e8792b19fe34c901fc6721
SHA256 e04f145fecd6f431b99123abe51ee05b133a6743150ddce0e3ec81cb97d74dd1
CRC32 B9DC2FB7
ssdeep 1536:8nw8RSijDtSA5xeZ0DbBCcx4Romu/ssbt:AwDijpS4DbYcx45tsbt
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
file C:\Users\test22\AppData\Local\Temp\nspC2A0.tmp\r4Csniciez.exe
file C:\Users\test22\AppData\Local\Temp\nspC2A0.tmp\r2Csniciez.exe
file C:\Users\test22\AppData\Local\Temp\nspC2A0.tmp\rCsniciez.exe
file C:\Users\test22\AppData\Local\Temp\nspC2A0.tmp\r3Csniciez.exe