Summary | ZeroBOX

Guendengf.exe

EnigmaProtector UPX Antivirus Malicious Packer Malicious Library DLL OS Processor Check PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 2, 2023, 4:49 p.m.
Completed: Aug. 2, 2023, 4:55 p.m.
Size: 12.0MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 6e5ca3cddbfdd665aa1789800d0963b2
SHA256: c329a69681817bbb4d99573eb9eb47efaa0c5c20437d0b21afc2b41348de3fb5
CRC32: 4E0C3DD3
ssdeep: 196608:jdk7WnPzCeEnBjxQn4ir1XVZdLERR+wxpB1sTDBFmW:3GeERKnThVgR+M1sPXmW
Yara
  • UPX_Zero - UPX packed file
  • EnigmaProtector_IN - EnigmaProtector
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 164.124.101.2, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated
  • GetComputerNameW
    computer_name: TEST22-PC
    Status: 1, Return: 1, Repeated: 0
section .didat
name RT_CURSOR language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00bfb7e8 size 0x00000134
name RT_BITMAP language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00bfbb10 size 0x00000144
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00bc46a0 size 0x00000128
name RT_MENU language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00bc47f0 size 0x00000108
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00bfba20 size 0x00000034
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00bfc968 size 0x00000030
file C:\Program Files\MSXML 3.88\StatisLite.dll
file C:\Program Files\MSXML 3.88\layering.exe
Time & API / Arguments / Status / Return / Repeated
  • LookupPrivilegeValueW  system_name:  privilege_name: SeDebugPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeDebugPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeTcbPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeLoadDriverPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeRestorePrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeBackupPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeSecurityPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeTakeOwnershipPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeShutdownPrivilege  (Status 1, Return 1, Repeated 0)
  • LookupPrivilegeValueW  system_name:  privilege_name: SeAssignPrimaryTokenPrivilege  (Status 1, Return 1, Repeated 0)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Doina.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Siggen7.5589
MicroWorld-eScan Gen:Variant.Doina.58864
FireEye Generic.mg.6e5ca3cddbfdd665
McAfee Artemis!6E5CA3CDDBFD
Cylance unsafe
Sangfor Trojan.Win32.Agent.V7i8
Alibaba Trojan:Win32/Kryptik.080eccd8
Cybereason malicious.837150
Arcabit Trojan.Doina.DE5F0
BitDefenderTheta Gen:NN.ZexaF.36348.@B0@aydG!Vfj
Symantec ML.Attribute.HighConfidence
ESET-NOD32 multiple detections
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Doina.58864
Avast FileRepMalware [Misc]
Emsisoft Gen:Variant.Doina.58864 (B)
F-Secure Trojan.TR/Crypt.Agent.fctwa
VIPRE Gen:Variant.Doina.58864
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Avira TR/Crypt.Agent.fctwa
Microsoft Backdoor:Win32/Farfli.BI!MTB
GData Gen:Variant.Doina.58864
Cynet Malicious (score: 99)
VBA32 BScope.Trojan.Casur
ALYac Gen:Variant.Doina.58864
MAX malware (ai score=85)
Malwarebytes Malware.AI.1038676933
TrendMicro-HouseCall TROJ_GEN.R002H09H123
Fortinet W32/NDAoF
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)