Summary | ZeroBOX

cleanmgr.exe

Tags: UPX, Malicious Library, PNG Format, PE File, DLL, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: June 15, 2023, 7:25 a.m.
Completed: June 15, 2023, 7:28 a.m.
Size: 336.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 56677d90dd57da29bab6f859ee4b810d
SHA256: 35cc748980e782ab4b0eef2eda48148a5bb416cd926407f7d4eb5cd527c3be24
CRC32: D1EC3350
ssdeep: 6144:t9X0GiKbdOFMybyQL/8/WicQrzJKj5leufkfn7N1pL:T0XadOe8+cD5k/7NrL
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx
  Status / Return / Repeated: 1 1 0
section .ndata
Time & API | Arguments | Status | Return | Repeated

NtProtectVirtualMemory
  process_identifier: 1932
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x741c4000
  process_handle: 0xffffffff
  Status / Return / Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 1932
  region_size: 18259968
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x027f0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  Status / Return / Repeated: 1 0 0
file C:\Users\test22\AppData\Local\Temp\nseC213.tmp\System.dll
Time & API | Arguments | Status | Return | Repeated

SetFileAttributesW
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  filepath: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  Status / Return / Repeated: 0 0

SetFileAttributesW
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  filepath: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  Status / Return / Repeated: 0 0

SetFileAttributesW
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  filepath: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  Status / Return / Repeated: 0 0

SetFileAttributesW
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  filepath: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  Status / Return / Repeated: 0 0

SetFileAttributesW
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  filepath: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  Status / Return / Repeated: 0 0

SetFileAttributesW
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  filepath: C:\Windows\resources\0409\Skrivepulten\Laxity\Scoringernes\Bettas.Alp
  Status / Return / Repeated: 0 0
file C:\Users\test22\AppData\Local\Temp\nseC213.tmp\System.dll