popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ChromeSetup.exe

Malicious Library UPX PE32 PE File DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 30, 2023, 8:49 a.m. July 30, 2023, 8:53 a.m.
Size 398.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 1f4365fb20db051b2b510416ee167971
SHA256 7f68efee50129fb2c25b58908d378d5d716113090c0169aa2dee3cec7f808421
CRC32 D4065305
ssdeep 6144:pBe337n8xkABZYQkutr1+8nkTN5044WYtiT+ab4nX55MjFGC9:q7LABZYQkul17kTXW9vab4X55MjFl9
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
162.55.60.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2032
region_size: 68562944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03a40000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsiC2CF.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\nsiC2CF.tmp\System.dll
host 162.55.60.2