Summary | ZeroBOX

c9665058c3ef16b

Tags: Malicious Library, UPX, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started July 19, 2023, 7:36 a.m.
Completed July 19, 2023, 7:38 a.m.
Size 485.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 0acb06da48d86e1ef15c27a4f5a3bddd
SHA256 bfa7adeda4597b70bf74a9f2032df2f87e07f2dbb46e85cb7c091b83161d6b0a
CRC32 162A0220
ssdeep 12288:1NsUjyDukqiudnJkx3piQLmGLvdnTJ0CRUyF1I3Kl:1mkyDuZiCccQLmGpTrCm1I3g
PDB Path d:\Projects\WinRAR\rar\build\rar32\Release\RAR.pdb
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name | Response | Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address | Status | Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

WriteConsoleW | buffer: RAR 5.20 Copyright (c) 1993-2014 Alexander Roshal 2 Dec 2014; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: Trial version Type RAR -? for help; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: Usage: rar <command> -<switch 1> -<switch N> <archive> <files...>; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: <@listfiles...> <path_to_extract\>; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: <Commands>; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: a Add files to archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: c Add archive comment; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ch Change archive parameters; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: cw Write archive comment to file; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: d Delete files from archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: e Extract files without archived paths; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: f Freshen files in archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: i[par]=<str> Find string in archives; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: k Lock archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: l[t[a],b] List archive contents [technical[all], bare]; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: m[f] Move to archive [files only]; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: p Print file to stdout; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: r Repair archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: rc Reconstruct missing volumes; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: rn Rename archived files; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: rr[N] Add data recovery record; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: rv[N] Create recovery volumes; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: s[name|-] Convert archive to or from SFX; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: t Test archive files; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: u Update files in archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: v[t[a],b] Verbosely list archive contents [technical[all],bare]; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: x Extract files with full path; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: <Switches>; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: - Stop switches scanning; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: @[+] Disable [enable] file lists; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ac Clear Archive attribute after compression or extraction; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ad Append archive name to destination path; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ag[format] Generate archive name using the current date; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ai Ignore file attributes; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ao Add files with Archive attribute set; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ap<path> Set path inside archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: as Synchronize archive contents; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: c- Disable comments show; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: cfg- Disable read configuration; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: cl Convert names to lower case; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: cu Convert names to upper case; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: df Delete files after archiving; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: dh Open shared files; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: dr Delete files to Recycle Bin; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ds Disable name sort for solid archive; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: dw Wipe files after archiving; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: e[+]<attr> Set file exclude and include attributes; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ed Do not add empty directories; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: en Do not put 'end of archive' block; console_handle: 0x00000007 | 1 | 1 | 0
WriteConsoleW | buffer: ep Exclude paths from names; console_handle: 0x00000007 | 1 | 1 | 0
pdb_path d:\Projects\WinRAR\rar\build\rar32\Release\RAR.pdb
Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx | | 1 | 1 | 0