Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 25, 2023, 4:58 p.m.	Sept. 25, 2023, 5:13 p.m.

Size	2.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c853a830fa2530a233e4a1eaf84b4273`
SHA256	`304cbd6f5879343c68561f1f167415d9d70c24e011c1ec114fca4e885e5a9ae7`
CRC32	`D81ACB45`
ssdeep	`49152:kA5ujhDMCeR3qwglCPz6ObJJoFj5OkuVoHKHEZD:kA5uj+wCL6VFF1HKHEV`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 25, 2023, 4:58 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 25, 2023, 4:58 p.m.		1	1	0

packer

Armadillo v1.71

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 25, 2023, 4:58 p.m.	stacktrace: RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x76fdf559 RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x76fdf639 RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x76f8df95 free+0x39 memcpy-0x43 msvcrt+0x98cd @ 0x760b98cd conhost+0x13a9 @ 0x4013a9 conhost+0x115f @ 0x40115f conhost+0x6abc @ 0x406abc exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653 exception.instruction: jmp 0x76fde667 exception.module: ntdll.dll exception.exception_code: 0xc0000374 exception.offset: 845395 exception.address: 0x76fde653 registers.esp: 1636712 registers.edi: 1637248 registers.eax: 1636728 registers.ebp: 1636832 registers.edx: 0 registers.ebx: 0 registers.esi: 3538944 registers.ecx: 2147483647	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 25, 2023, 4:58 p.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

Bkav	W32.Common.3C99FC8D
Lionic	Trojan.Win32.Stealer.tsi1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Generic.34161128
FireEye	Trojan.Generic.34161128
McAfee	Artemis!C853A830FA25
Cylance	unsafe
Sangfor	Trojan.Win32.Packed.Vn3h
K7AntiVirus	Trojan ( 005a24931 )
Alibaba	Packed:Win32/CoinMiner.8b989c67
K7GW	Trojan ( 005a24931 )
Arcabit	Trojan.Generic.D20941E8
Cyren	W32/Dropper.EM.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	Win32/Packed.7Zip.AI
Cynet	Malicious (score: 99)
ClamAV	Win.Keylogger.Gencbl-9969771-0
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Trojan.Generic.34161128
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.FalseSign.Ychl
Emsisoft	Trojan.Generic.34161128 (B)
F-Secure	Trojan.TR/AD.CoinMiner.nmppz
VIPRE	Trojan.Generic.34161128
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.7zip
Webroot	W32.Malware.Gen
Avira	TR/AD.CoinMiner.nmppz
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Ransom.Win32.Wacatac.sa
Microsoft	Trojan:Win32/ScarletFlash.A
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Trojan.Generic.34161128
Google	Detected
ALYac	Trojan.Generic.34161128
Malwarebytes	Trojan.Dropper
Panda	Trj/Chgt.AD
MAX	malware (ai score=83)
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_60% (D)

conhost.exe