Summary | ZeroBOX

Ahdlcrjjdjdlgf.exe

Hide_EXE UPX Malicious Library Malicious Packer PE32 PE File MZP Format
Category FILE
Machine s1_win7_x6403_us
Started Aug. 9, 2023, 9:22 a.m.
Completed Aug. 9, 2023, 9:26 a.m.
Size 1.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 053052690586782a411f46ec2bf255fb
SHA256 2f1ca9ea9c439cddf83672896fe9810ce3d3aa2218f3718f121e90a19e3a25e6
CRC32 FA3832AC
ssdeep 24576:O+wrBX18XhVRGTbabra2OYSRf9PhHt8AE:OrnHXKD
Yara
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • hide_executable_file - Hide executable file
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.
Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .itext
packer BobSoft Mini Delphi -> BoB / BobSoft
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1256
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0018f000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 163840
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x02dd1000
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
DrWeb Trojan.DownLoader45.64659
MicroWorld-eScan Gen:Variant.Ser.Strictor.1843
FireEye Generic.mg.053052690586782a
McAfee Artemis!053052690586
Malwarebytes Generic.Malware/Suspicious
Sangfor Downloader.Win32.Modiloader.Vymj
K7AntiVirus Trojan-Downloader ( 005a6fcb1 )
K7GW Trojan-Downloader ( 005a6fcb1 )
Cyren W32/Downloader.LTUI-7554
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/TrojanDownloader.ModiLoader.KQ
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Gen:Variant.Ser.Strictor.1843
Avast FileRepMalware [Misc]
Emsisoft Gen:Variant.Ser.Strictor.1843 (B)
McAfee-GW-Edition BehavesLike.Win32.Infected.th
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.tmizu
MAX malware (ai score=84)
Gridinsoft Trojan.Win32.Gen.bot
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Ser.Strictor.1843
Google Detected
VBA32 Malware-Cryptor.Inject.gen
Cylance unsafe
Panda Trj/RnkBend.A
TrendMicro-HouseCall TROJ_GEN.R002H0CH823
Rising Downloader.ModiLoader!8.17B13 (TFE:5:eRvlSPVyf1)
Ikarus Trojan-Downloader.Win32.Modiloader
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/ModiLoader.KQ!tr.dldr
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)