Summary | ZeroBOX

57BC9B7E.Png.ps1

Category FILE
Machine s1_win7_x6402
Started July 17, 2023, 4:31 p.m.
Completed July 17, 2023, 4:33 p.m.
Size 431.5KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 d88a9237dd21653ebb155b035aa9a33c
SHA256 46ba198ec579d4a968e9b7760e615a097c0de8889e7f3acb081dcc11de17f432
CRC32 7DF38675
ssdeep 12288:+ULN2KlaSre+eoce3vrybzg+kXTNmYJ+lU:6PToccvmQcq+O
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1 Return: 1 Repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026eb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ff000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef30000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef30000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

NtAllocateVirtualMemory

process_identifier: 3036
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026c9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 Return: 0 Repeated: 0

Antivirus

Lionic Trojan.PowerShell.Generic.4!c
FireEye Trojan.GenericKD.39627661
Sangfor Trojan.Generic-PS.Save.af5de2cd
Arcabit Trojan.Generic.D25CAB8D
Cyren Trojan.AOIK-2
Symantec Exp.CVE-2022-21882
ESET-NOD32 PowerShell/RiskWare.Tater.A
Avast Other:Malware-gen [Trj]
Kaspersky HEUR:Trojan.PowerShell.Generic
BitDefender Trojan.GenericKD.39627661
MicroWorld-eScan Trojan.GenericKD.39627661
Emsisoft Trojan.GenericKD.39627661 (B)
DrWeb PowerShell.DownLoader.1767
VIPRE Trojan.GenericKD.39627661
McAfee-GW-Edition BehavesLike.PS.Dropper.gn
Sophos Mal/PSDL-J
MAX malware (ai score=80)
Antiy-AVL Trojan/Script.Wacatac
Microsoft Trojan:Script/Wacatac.B!ml
GData Trojan.GenericKD.39627661
Google Detected
AhnLab-V3 Trojan/Powershell.Inject
ALYac Trojan.PowerShell.Agent
Rising HackTool.Tater/PS!8.16240 (TOPIS:E0:pu11qYKEtOB)
Ikarus Trojan.PowerShell.Crypt
AVG Other:Malware-gen [Trj]