popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

win.exe

UPX Malicious Library PNG Format PE File DLL PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 12, 2023, 7:33 a.m. July 12, 2023, 7:37 a.m.
Size 286.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 db69af7fee69d61e4eb0268afb7cd9f8
SHA256 7644456ea433ce8755d64746d7420bcc88df377ac1242657f6428c4a9c51173a
CRC32 ADECAF5B
ssdeep 6144:mz2PI+nT0UvWKIAaMBzLpPCyw7QlBRg5cb3k+mKbG/ICLJqZ:BI4xTIJMxLoNiDkhKdCcZ
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2600
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732d2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2600
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2600
region_size: 72744960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02d00000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsnF250.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\Tiptop\Uncatechizedness\Holabird\Dyndspringernes\osetupui.dll
file C:\Users\test22\AppData\Local\Temp\Tiptop\Uncatechizedness\Holabird\Dyndspringernes\osetupui.dll
file C:\Users\test22\AppData\Local\Temp\nsnF250.tmp\System.dll
Bkav W32.AIDetectMalware
Elastic malicious (moderate confidence)
Malwarebytes Trojan.GuLoader
CrowdStrike win/malicious_confidence_90% (W)
Cyren W32/Injector.YKDG-2233
ESET-NOD32 NSIS/Injector.ASH
APEX Malicious
TrendMicro Trojan.Win32.GULOADER.YXDGKZ
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
Webroot W32.Malware.Gen
Microsoft Trojan:Win32/Casdet!rfn
Gridinsoft Trojan.Win32.FormBook.bot
Google Detected
McAfee Artemis!DB69AF7FEE69
DeepInstinct MALICIOUS
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDGKZ
AVG FileRepMalware [Misc]
Cybereason malicious.fee69d
Avast FileRepMalware [Misc]