popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

syscall.exe

Gen1 Malicious Library UPX PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 31, 2023, 2:55 p.m. Aug. 31, 2023, 2:57 p.m.
Size 213.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c95d214005076e29185b0f9cb05adcd9
SHA256 3953ea56a2d94506f51e21be5f4342f21293c7fc3e2e46549098819b1ee8d4b6
CRC32 53D5C265
ssdeep 3072:CY1s5eM5gDRiLpL27b+5S8TF4w/VHli9kcjzAx:3s5eLNidiuk8Jpj
PDB Path F:\cproject\syscall\x64\Release\syscall.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path F:\cproject\syscall\x64\Release\syscall.pdb
section _RDATA
Time & API Arguments Status Return Repeated

Process32FirstW

 snapshot_handle: 0x0000000000000034
process_name: [System Process]
process_identifier: 0
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: System
process_identifier: 4
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: smss.exe
process_identifier: 224
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: csrss.exe
process_identifier: 304
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: wininit.exe
process_identifier: 352
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: csrss.exe
process_identifier: 360
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: winlogon.exe
process_identifier: 400
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: services.exe
process_identifier: 444
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: lsass.exe
process_identifier: 460
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: lsm.exe
process_identifier: 468
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 572
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 652
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 724
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 784
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 832
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: audiodg.exe
process_identifier: 900
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 992
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 292
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: spoolsv.exe
process_identifier: 324
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 1048
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: srvany.exe
process_identifier: 1284
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: KMService.exe
process_identifier: 1436
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: conhost.exe
process_identifier: 1448
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: taskhost.exe
process_identifier: 1600
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: sppsvc.exe
process_identifier: 1820
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: svchost.exe
process_identifier: 1896
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: dwm.exe
process_identifier: 1260
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: explorer.exe
process_identifier: 1452
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: pw.exe
process_identifier: 988
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: SearchIndexer.exe
process_identifier: 1160
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: SearchProtocolHost.exe
process_identifier: 936
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: SearchFilterHost.exe
process_identifier: 2000
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: mobsync.exe
process_identifier: 2276
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: pw.exe
process_identifier: 2320
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: wsqmcons.exe
process_identifier: 2360
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: taskhost.exe
process_identifier: 2368
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: sdclt.exe
process_identifier: 2376
1 1 0

Process32NextW

 snapshot_handle: 0x0000000000000034
process_name: syscall.exe
process_identifier: 2552
1 1 0
Elastic malicious (moderate confidence)
MicroWorld-eScan Generic.Trojan.Buggie.Marte.C.86071BAF
FireEye Generic.Trojan.Buggie.Marte.C.86071BAF
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win64/MalwareX.0e9818a8
Arcabit Generic.Trojan.Buggie.Marte.C.D15037BAF
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Agent_AGen.AKJ
Kaspersky UDS:Trojan.Win64.Shlem.jru
BitDefender Generic.Trojan.Buggie.Marte.C.86071BAF
Emsisoft Generic.Trojan.Buggie.Marte.C.86071BAF (B)
Sophos Mal/Generic-S
Gridinsoft Trojan.Win64.CobaltStrike.bot
Microsoft VirTool:Win32/Sysdupate.gen!D
ZoneAlarm UDS:Trojan.Win64.Shlem.jru
GData Generic.Trojan.Buggie.Marte.C.86071BAF
MAX malware (ai score=84)
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4090400245
Rising Trojan.Agent!8.B1E (CLOUD)