Summary | ZeroBOX

Historiers.exe

UPX Malicious Library PE64 PNG Format PE File DLL OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started July 12, 2023, 5:24 p.m.
Completed July 12, 2023, 5:44 p.m.
Size 388.3KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 109dbd7130e7c7e519eddac87ccbc34c
SHA256 40b6dc77998b71663fd29997962bec3b46647e8ee70cf3d579aed14ead46d660
CRC32 89BE8C56
ssdeep 12288:4iuXtDKp9x6t/4W+OzWhYjjK5OuodU8R03xkH:EKr6SOz1jQb8UsMW
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73352000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2628
region_size: 15888384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03e90000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Gavstrikkernes\Coronaled182\Ambatch\AsProcessHelper.dll
file C:\Users\test22\AppData\Local\Temp\nsvF484.tmp\System.dll
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Sumpgassen
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020119
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sumpgassen
2 0

Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
DrWeb Trojan.Loader.1597
MicroWorld-eScan Gen:Variant.Nemesis.25214
McAfee Artemis!109DBD7130E7
CrowdStrike win/malicious_confidence_70% (W)
K7GW Trojan ( 005903451 )
K7AntiVirus Trojan ( 005903451 )
Arcabit Trojan.Nemesis.D627E
Cyren W32/Injector.IXZN-5720
Symantec Trojan.Gen.MBT
ESET-NOD32 NSIS/Injector.ASH
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Makoob.gen
BitDefender Gen:Variant.Nemesis.25214
Avast Win32:Evo-gen [Trj]
Emsisoft Gen:Variant.Nemesis.25214 (B)
VIPRE Gen:Variant.Nemesis.25214
McAfee-GW-Edition BehavesLike.Win32.BadFile.fc
FireEye Gen:Variant.Nemesis.25214
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
GData Gen:Variant.Nemesis.25214
Google Detected
AhnLab-V3 Downloader/Win.GuLoader.C5451771
MAX malware (ai score=80)
Malwarebytes Trojan.Crypt
Yandex Trojan.Igent.b0ttLZ.23
Ikarus Trojan.NSIS.Agent
AVG Win32:Evo-gen [Trj]