Summary | ZeroBOX

AMSI.exe

Emotet Gen1 Generic Malware Malicious Library Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) .NET DLL dll PE File OS Processor Check PE32 DLL DllRegisterServer
Category: FILE
Machine: s1_win7_x6402
Started: Aug. 28, 2023, 1:50 a.m.
Completed: Aug. 28, 2023, 1:52 a.m.
Size 6.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a48cb4ce6676d6c36cc5a40434cd629d
SHA256 731cd163caaa25f6c3f0a04796fcd0239295cdf768da99c608c6a917b3dc0b60
CRC32 EECE0956
ssdeep 98304:DFUc2GZJ8MmNmaKZcaIZiiAWmWVglqWjfMX/y5oVqLn/oApyCPA4bp2FzZT0jufm:AGZJ8Mm46JHmNkWu/ySQxyqbpSzZTfuf
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address: 164.124.101.2, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Status: 1, Return: 1, Repeated: 0
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfc90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\msvcp90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\msvcm90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\pythoncom27.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfcm90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfcm90u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\msvcr90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\python27.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\pywintypes27.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfc90u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\python27.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\pyexpat.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\_ssl.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\msvcr90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfcm90u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfc90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\msvcp90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\_socket.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\win32api.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\win32trace.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfc90u.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\win32pipe.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\pythoncom27.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\bz2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\_ctypes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\pyHook._cpyHook.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\_hashlib.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\pywintypes27.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\msvcm90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\mfcm90.dll
file C:\Users\test22\AppData\Local\Temp\_MEI30122\win32ui.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI30122\unicodedata.pyd
Time & API: SetWindowsHookExA
Arguments:
  thread_identifier: 0
  callback_function: 0x69dc36b4
  hook_identifier: 13 (WH_KEYBOARD_LL)
  module_address: 0x008c0000
Status: 1, Return: 459113, Repeated: 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
Cynet Malicious (score: 100)
McAfee Artemis!A48CB4CE6676
Cylance unsafe
APEX Malicious
ClamAV Win.Exploit.Swrort-9838978-0
Kaspersky Trojan-Spy.Python.Agent.bh
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
Sophos Mal/Generic-S
Google Detected
Fortinet Riskware/Application
Cybereason malicious.64500c