Summary | ZeroBOX

112.exe

UPX, Malicious Library, PE64, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started July 24, 2023, 4:54 p.m.
Completed July 24, 2023, 5:02 p.m.
Size 7.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d301e057a599f796b6d1335a30efd1e7
SHA256 59595ebfcadd54198faf0ad6a2c2418a262cb3900392eacb285f2e32b631bf6c
CRC32 3FA59982
ssdeep 196608:04Qcq8KK8Ioew+kpFmLQFgYK6nHPTZar7crAHjDtqi/RzmTMNq/fw:EcqcRoe5kFmGbbSsADcMRCTJw
PDB Path D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
status: 1
return: 1
repeated: 0
pdb_path D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb
section .didat
resource name PNG
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 07
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1e6604
registers.r14: 0
registers.r15: 0
registers.rcx: 48
registers.rsi: 49144
registers.r10: 0
registers.rbx: 8791664295936
registers.rsp: 4258424
registers.r11: 4256232
registers.r8: 1994794048
registers.r9: 5378617344
registers.rdx: 8796092887632
registers.r12: 0
registers.rbp: 4258544
registers.rdi: 1735309660
registers.rax: 1992192
registers.r13: 0
status: 1
return: 0
repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d62000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 1452
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004730000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0
file C:\Users\test22\AppData\Local\Temp\RarSFX0\G7H8j.exe
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Miner.4!c
FireEye Generic.mg.d301e057a599f796
Zillya Trojan.Generic.Win32.1726339
Sangfor Trojan.Win32.Save.a
Alibaba Packed:Win64/VMProtect_AGen.a6192379
Cybereason malicious.618b6f
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect_AGen.J suspicious
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Dropper.njRAT-9986242-0
Kaspersky Trojan.Win32.Miner.bcoln
Avast Win64:TrojanX-gen [Trj]
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1324403
TrendMicro Trojan.Win32.SMOKELOADER.YXDGWZ
McAfee-GW-Edition BehavesLike.Win32.Backdoor.wc
Ikarus Trojan.Win64.Krypt
Avira HEUR/AGEN.1324403
Gridinsoft Ransom.Win32.Wacatac.cl
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm Trojan.Win32.Miner.bcoln
GData Win32.Application.Coinminer.9IJ0BU
Google Detected
McAfee Artemis!D301E057A599
VBA32 TrojanSpy.Cordimik
Rising Trojan.Miner!8.EA1 (CLOUD)
Fortinet W32/Malicious_Behavior.SBX
AVG Win64:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)