Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 4, 2023, 7:41 a.m.	Sept. 4, 2023, 7:44 a.m.

Size	44.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`22b68c2a1c11338ab377d6767ebe31b2`
SHA256	`a9e5549dc112cd38b3a3185a3d74fb70d82f32a28a275256f88fc73b87a9a4ec`
CRC32	`5F7FB63B`
ssdeep	`786432:/bhWAKaGkwwO69eZeg6Amd5LEw4OUBKZKN1GJoayr0xmyVMtIa7o:lDKaGkw969e96AwmBKsN1GJovg/VoIOo`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	Win32_WinRAR_SFX_Zero - Win32 WinRAR SFX Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)

infolive_setup.exe "C:\Users\test22\AppData\Local\Temp\infolive_setup.exe"
2660
- cmd.exe cmd /c ""C:\infolive\reg.bat" "
  2980
  - regsvr32.exe regsvr32 /s C:\infolive\vfpres.dll
    3056
  - regsvr32.exe regsvr32 /s C:\infolive\MSCOMM32.ocx
    1152
  - regsvr32.exe regsvr32 /s C:\infolive\msvcr71.dll
    1728
  - regsvr32.exe regsvr32 /s C:\infolive\vfp9r.dll
    2136
  - regsvr32.exe regsvr32 /s C:\infolive\VFP9RENU.DLL
    2184
  - regsvr32.exe regsvr32 /s C:\infolive\vfpcom.dll
    2260
  - regsvr32.exe C:\Windows\Syswow64\regsvr32 /s C:\infolive\vfpres.dll
    2440
  - regsvr32.exe C:\Windows\Syswow64\regsvr32 /s C:\infolive\MSCOMM32.ocx
    2464
  - regsvr32.exe C:\Windows\Syswow64\regsvr32 /s C:\infolive\msvcr71.dll
    2636
  - regsvr32.exe C:\Windows\Syswow64\regsvr32 /s C:\infolive\vfp9r.dll
    2420
  - regsvr32.exe C:\Windows\Syswow64\regsvr32 /s C:\infolive\VFP9RENU.DLL
    2740
  - regsvr32.exe C:\Windows\Syswow64\regsvr32 /s C:\infolive\vfpcom.dll
    284
  - regedit.exe regedit.exe /S C:\infolive\patch.reg
    2844
  - regedit.exe regedit.exe /S C:\infolive\odbc.reg
    2888
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Sept. 4, 2023, 7:42 a.m.	computer_name: TEST22-PC	1	1	0

Command line console output was observed (42 events)

Time & API	Arguments	Status	Return
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\vfpres.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\MSCOMM32.ocx console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\msvcr71.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\vfp9r.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\VFP9RENU.DLL console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\vfpcom.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\Windows\Syswow64\regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\vfpres.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\Windows\Syswow64\regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\MSCOMM32.ocx console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\Windows\Syswow64\regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\msvcr71.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\Windows\Syswow64\regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\vfp9r.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\Windows\Syswow64\regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\VFP9RENU.DLL console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\Windows\Syswow64\regsvr32 console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /s C:\infolive\vfpcom.dll console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regedit.exe console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /S C:\infolive\patch.reg console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: C:\infolive> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: regedit.exe console_handle: 0x00000007	1	1
WriteConsoleW Sept. 4, 2023, 7:42 a.m.	buffer: /S C:\infolive\odbc.reg console_handle: 0x00000007	1	1

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 4, 2023, 7:41 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

One or more processes crashed (4 events)

Time & API	Arguments	Status
__exception__ Sept. 4, 2023, 7:42 a.m.	stacktrace: exception.instruction_r: c8 00 00 00 55 8b 75 08 8b 7d 0c fc b2 80 a4 e8 exception.instruction: enter 0, 0 exception.exception_code: 0xc0000005 exception.symbol: CloseCryptVB+0x13b30 vfpres+0x37200 exception.address: 0x457200 registers.esp: 2811576 registers.edi: 4543098 registers.eax: 307407 registers.ebp: 307407 registers.edx: 32 registers.ebx: 4538747 registers.esi: 4538831 registers.ecx: 0	1
__exception__ Sept. 4, 2023, 7:42 a.m.	stacktrace: DllUnregisterServer+0x11f mscomm32+0x9e7d @ 0x21c19e7d DllRegisterServer+0x5 DllUnregisterServer-0x18 mscomm32+0x9d46 @ 0x21c19d46 regsvr32+0x2669 @ 0xe32669 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 c7 45 fc fe ff ff ff exception.symbol: lstrlen+0x1a lstrcmpW-0x3f kernelbase+0xa34a exception.instruction: mov cl, byte ptr [eax] exception.module: KERNELBASE.dll exception.exception_code: 0xc0000005 exception.offset: 41802 exception.address: 0x7597a34a registers.esp: 3074680 registers.edi: 1968986699 registers.eax: 2 registers.ebp: 3074720 registers.edx: 3 registers.ebx: 0 registers.esi: 566362444 registers.ecx: 2280521728	1
__exception__ Sept. 4, 2023, 7:42 a.m.	stacktrace: exception.instruction_r: c8 00 00 00 55 8b 75 08 8b 7d 0c fc b2 80 a4 e8 exception.instruction: enter 0, 0 exception.exception_code: 0xc0000005 exception.symbol: CloseCryptVB+0x13b30 vfpres+0x37200 exception.address: 0x377200 registers.esp: 2286848 registers.edi: 3625594 registers.eax: 4294357199 registers.ebp: 4294357199 registers.edx: 32 registers.ebx: 3621243 registers.esi: 3621327 registers.ecx: 0	1
__exception__ Sept. 4, 2023, 7:42 a.m.	stacktrace: DllUnregisterServer+0x11f mscomm32+0x9e7d @ 0x21c19e7d DllRegisterServer+0x5 DllUnregisterServer-0x18 mscomm32+0x9d46 @ 0x21c19d46 regsvr32+0x2669 @ 0xc12669 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 c7 45 fc fe ff ff ff exception.symbol: lstrlen+0x1a lstrcmpW-0x3f kernelbase+0xa34a exception.instruction: mov cl, byte ptr [eax] exception.module: KERNELBASE.dll exception.exception_code: 0xc0000005 exception.offset: 41802 exception.address: 0x7597a34a registers.esp: 2025556 registers.edi: 1968986699 registers.eax: 2 registers.ebp: 2025596 registers.edx: 3 registers.ebx: 0 registers.esi: 566362444 registers.ecx: 3192389632	1

Allocates read-write-execute memory (usually to unpack itself) (22 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 4, 2023, 7:41 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d62000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 4, 2023, 7:36 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000046d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 1152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x21c11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 1152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73881000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 1728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7c37a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c3fc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73881000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75511000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7c37a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x1000f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x21c11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73821000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7c37a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c3fc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73821000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75511000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7c37a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 2420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 4, 2023, 7:42 a.m.	process_identifier: 284 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x1000f000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW Sept. 4, 2023, 7:35 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 13213384704 root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer total_number_of_bytes: 0	1	1	0

Creates executable files on the filesystem (29 events)

file	C:\infolive\_bms.dll
file	C:\infolive\Cpuinf32.dll
file	C:\infolive\vfpres.dll
file	C:\infolive\updater.bat
file	C:\infolive\setup.exe
file	C:\infolive\infolive.exe
file	C:\infolive\MSCOMM32.OCX
file	C:\infolive\VBAME.DLL
file	C:\infolive\vfp9r.dll
file	C:\infolive\register.bat
file	C:\infolive\MS64.DLL
file	C:\infolive\VFP9RENU.DLL
file	C:\infolive\msvcr71.dll
file	C:\infolive\aamd532.dll
file	C:\infolive\download.vbs
file	C:\infolive\ChangeBetType.exe
file	C:\infolive\dbxsmtp.dll
file	C:\infolive\Setup1.msi
file	C:\infolive\MS32.dll
file	C:\infolive\vfpcom.dll
file	C:\infolive\patch.reg
file	C:\infolive\reg.bat
file	C:\infolive\ResetAuthenticate.exe
file	C:\infolive\odbc.reg
file	C:\infolive\Initialize.exe
file	C:\Users\test22\Desktop\InfoLive.lnk
file	C:\infolive\dbximage.dll
file	C:\infolive\Preferences.exe
file	C:\infolive\InitializeBets.exe

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\Desktop\InfoLive.lnk

Creates a suspicious process (12 events)

cmdline	C:\Windows\Syswow64\regsvr32 /s C:\infolive\vfpres.dll
cmdline	regsvr32 /s C:\infolive\MSCOMM32.ocx
cmdline	C:\Windows\Syswow64\regsvr32 /s C:\infolive\MSCOMM32.ocx
cmdline	regsvr32 /s C:\infolive\vfpres.dll
cmdline	C:\Windows\Syswow64\regsvr32 /s C:\infolive\vfp9r.dll
cmdline	C:\Windows\Syswow64\regsvr32 /s C:\infolive\vfpcom.dll
cmdline	C:\Windows\Syswow64\regsvr32 /s C:\infolive\VFP9RENU.DLL
cmdline	C:\Windows\Syswow64\regsvr32 /s C:\infolive\msvcr71.dll
cmdline	regsvr32 /s C:\infolive\VFP9RENU.DLL
cmdline	regsvr32 /s C:\infolive\vfpcom.dll
cmdline	regsvr32 /s C:\infolive\msvcr71.dll
cmdline	regsvr32 /s C:\infolive\vfp9r.dll

Drops a binary and executes it (1 event)

file	C:\infolive\reg.bat

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 4, 2023, 7:41 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x7ef90000 process_handle: 0xffffffff	1	0	0

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Sangfor	Trojan.Win32.Agent.Vu07
K7AntiVirus	Trojan ( 005506ea1 )
K7GW	Trojan ( 005506ea1 )
APEX	Malicious
Avast	Win32:Malware-gen
Rising	Trojan.Generic@AI.87 (RDML:D2zJSotK4qSgAw/76GZAlg)
McAfee-GW-Edition	HTool-VBSDldr
Gridinsoft	Trojan.Win32.Agent.sa
Zoner	Probably Heur.ExeHeaderP
SentinelOne	Static AI - Suspicious SFX
Fortinet	VBS/Agent.ODO!tr
AVG	Win32:Malware-gen

infolive_setup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All