Summary | ZeroBOX

wininit.exe

Malicious Library UPX PE32 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6401 July 26, 2023, 7:43 a.m. July 26, 2023, 7:47 a.m.
Size 369.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 66a020cc3acbd4f1badbff616662ce02
SHA256 b36dee6691e5fe4f8caabfe5602e16b6a287f98aa3a13df2deedad15e31aec32
CRC32 1AE02288
ssdeep 6144:ryIIW3gq6qMsKF8W8YI1DpMWlUDCbjNDw9b5kZNgNsJZTpFZK:rv6qMHCW8YaVMWnb5DsyNgNsJZ
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73272000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 48594944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03bc0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsoEE77.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\nsoEE77.tmp\System.dll
Bkav W32.AIDetectMalware
CrowdStrike win/malicious_confidence_60% (D)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
Trapmine suspicious.low.ml.score
FireEye Generic.mg.66a020cc3acbd4f1
ZoneAlarm UDS:DangerousObject.Multi.Generic
Cylance unsafe
DeepInstinct MALICIOUS