Summary | ZeroBOX

igccu.exe

Tags NSIS, UPX, Malicious Library, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Sept. 16, 2023, 2:01 p.m.
Completed Sept. 16, 2023, 2:03 p.m.
Size 304.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 7792584e7661ad0c5fee992337ebf3bd
SHA256 de4ef75364ba63f25b2e9a05fc2114b0a7d82018616a7b70e4000359ff2b0078
CRC32 A9C7ED4D
ssdeep 6144:vYa6gi2ZkuDQPs5y7OzwMsYnkbPzjRtftCZ0PDHcFYjvMCU9+kuZJ0vA5sKfkj:vY2quD+8QMsHXXfAZQQYTwuZJjtU
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • NSIS_Installer - Null Soft Installer
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

GlobalMemoryStatusEx

status: 1
return: 1
repeated: 0
section .ndata
__exception__

stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xffe1f150
registers.esp: 5175456
registers.edi: 0
registers.eax: 1968976824
registers.ebp: 5175464
registers.edx: 4292997456
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
status: 1
return: 0
repeated: 0
NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732a2000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 2660
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003b0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 2660
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
file C:\Users\test22\AppData\Local\Temp\egtgjntc.exe

Process injection: Process 2660 called NtSetContextThread to modify thread in remote process 2704
NtSetContextThread

registers.eip: 1995571652
registers.esp: 5175556
registers.edi: 0
registers.eax: 1175888
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x000000cc
process_identifier: 2704
status: 1
return: 0
repeated: 0

Antivirus

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Strab.4!c
DrWeb Trojan.Siggen21.29362
MicroWorld-eScan Trojan.NSISX.Spy.Gen.24
ALYac Trojan.NSISX.Spy.Gen.24
Malwarebytes Trojan.Injector
VIPRE Trojan.NSISX.Spy.Gen.24
Sangfor Suspicious.Win32.Save.ins
Alibaba Trojan:Win32/Injector.4aaf6ffc
Arcabit Trojan.NSISX.Spy.Gen.24 [many]
BitDefenderTheta Gen:NN.ZexaE.36662.kuW@aaL6vFai
Cyren W32/Ninjector.JO.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Injector_AGen.ACO
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky UDS:Trojan.Win32.Strab.gen
BitDefender Trojan.NSISX.Spy.Gen.24
Avast FileRepMalware [Misc]
Emsisoft Trojan.NSISX.Spy.Gen.24 (B)
F-Secure Trojan.TR/Redcap.bixdi
TrendMicro TROJ_GEN.R002C0DIF23
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.7792584e7661ad0c
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Webroot W32.Infostealer.Gen
Avira TR/AD.Swotter.hopnz
MAX malware (ai score=87)
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Trojan:Win32/Znyonm
ViRobot Trojan.Win.Z.Injector.311786
ZoneAlarm UDS:Trojan.Win32.Strab.gen
GData Trojan.NSISX.Spy.Gen.24
Google Detected
AhnLab-V3 Trojan/Win.Generic.R587806
McAfee Artemis!7792584E7661
VBA32 BScope.Trojan.Injector
Cylance unsafe
Panda Trj/Chgt.AD
Rising Trojan.Lokibot!8.F1B5 (TFE:5:ZoNltB2LBNO)
Ikarus Trojan.Win32.Injector
Fortinet NSIS/Injector.ETGJ!tr
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)