popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

hkcmds.exe

Generic Malware UPX Malicious Library PE64 PNG Format PE File DLL PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 10, 2023, 7:43 a.m. Aug. 10, 2023, 7:45 a.m.
Size 367.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 e8ea1b6581dc17674bac8ab3202fa6f3
SHA256 a60c704c2880e95ec250fda4314421adb44b29fdb8ac3bc6c98c1166e051f507
CRC32 3C1E7F2C
ssdeep 6144:RM23f4A9+Jhh+UxFiBisayoz9kY3j1MAqpOjzwW7FAqA+ZrEH5iAelU33j8uC:jPFgHFxFixuuY3j1MnpOjz7BZrHhlU3U
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732a2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73955000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2556
region_size: 79495168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x037d0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nspED5F.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\Mainprise139\pudrendes\Materialevandringer\Aquiclude\Barthiansk\RadioSupport.dll
file C:\Users\test22\AppData\Local\Temp\nspED5F.tmp\System.dll