Summary | ZeroBOX

for_testing_MoSLxL.msi

Tags: Generic Malware, Antivirus, Malicious Library, MSOffice File, OS Processor Check, CAB
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 26, 2023, 5:49 p.m.
Completed: Sept. 26, 2023, 5:52 p.m.
Size 3.8MB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {50EF365E-EBB1-46D8-A51D-BF4610F24A61}, Number of Words: 10, Subject: Microsoft Edge, Author: Microsoft Corporation, Name of Creating Application: Advanced Installer 18.0 build 1a235518, Template: x64;1033, Comments: This installer database contains the logic and data required to install Microsoft Edge., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5 fc34773d1cac889d880340090cffcdde
SHA256 d9888218b459479d1e05f5f425f0e9db0cc2abedc715071d7f3afbf3a5473023
CRC32 FD21C570
ssdeep 98304:QYZdVAWWlLuKn4mesJQdqSqkxbpYlXMjP4IG:FglLlJHSfxVYFS4I
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Microsoft_Office_File_Zero - Microsoft Office File
  • CAB_file_format - CAB archive file
  • Antivirus - Contains references to security software
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
Network hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls: WriteConsoleW (columns: Time & API, Arguments, Status, Return, Repeated)

WriteConsoleW
buffer: An expression was expected after '('.
console_handle: 0x00000023
status: 1, return: 1, repeated: 0

WriteConsoleW
buffer: At C:\Users\test22\AppData\Local\Temp\for_testing_MoSLxL.msi.ps1:3 char:1369
console_handle: 0x0000002f
status: 1, return: 1, repeated: 0

WriteConsoleW (18 calls, console handles 0x00000047 through 0x00000113)
buffer: unprintable binary content (raw bytes of the Compound File structure, including the strings "Root Entry" and "SummaryInformation"); omitted
status: 1, return: 1, repeated: 0 (each call)

WriteConsoleW
buffer: + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordEx
console_handle: 0x0000012b
status: 1, return: 1, repeated: 0

WriteConsoleW
buffer: ception
console_handle: 0x00000137
status: 1, return: 1, repeated: 0

WriteConsoleW
buffer: + FullyQualifiedErrorId : ExpectedExpression
console_handle: 0x00000143
status: 1, return: 1, repeated: 0

API calls: CryptExportKey (columns: Time & API, Arguments, Status, Return, Repeated)

CryptExportKey (4 calls; all with buffer: <INVALID POINTER>, flags: 0, crypto_export_handle: 0x00000000, blob_type: 6)
crypto_handle: 0x004d7ac0 (2 calls), 0x0044bd40 (2 calls)
status: 1, return: 1, repeated: 0 (each call)

API calls: GlobalMemoryStatusEx (columns: Time & API, Arguments, Status, Return, Repeated)

GlobalMemoryStatusEx
status: 1, return: 1, repeated: 0

API calls: NtAllocateVirtualMemory (columns: Time & API, Arguments, Status, Return, Repeated)

NtAllocateVirtualMemory (19 calls; all with process_identifier: 2072, process_handle: 0xffffffff, protection: 64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass: 0, stack_pivoted: 0; status: 1, return: 0, repeated: 0 for each call)

base_address  region_size  allocation_type     heap_dep_bypass
0x0254b000    4096         4096 (MEM_COMMIT)   1
0x05fd0000    1572864      8192 (MEM_RESERVE)  0
0x06110000    4096         4096 (MEM_COMMIT)   1
0x06111000    4096         4096 (MEM_COMMIT)   1
0x06112000    4096         4096 (MEM_COMMIT)   1
0x06113000    4096         4096 (MEM_COMMIT)   1
0x06114000    4096         4096 (MEM_COMMIT)   1
0x06115000    4096         4096 (MEM_COMMIT)   1
0x06116000    4096         4096 (MEM_COMMIT)   1
0x06117000    16384        4096 (MEM_COMMIT)   1
0x0611b000    69632        4096 (MEM_COMMIT)   1
0x0612c000    4096         4096 (MEM_COMMIT)   1
0x0612d000    4096         4096 (MEM_COMMIT)   1
0x0612e000    4096         4096 (MEM_COMMIT)   1
0x0255f000    4096         4096 (MEM_COMMIT)   1
0x024e9000    4096         4096 (MEM_COMMIT)   1
0x05540000    8192         4096 (MEM_COMMIT)   1
0x05542000    4096         4096 (MEM_COMMIT)   1
0x05543000    4096         4096 (MEM_COMMIT)   1

Antivirus detections (vendor: result)
McAfee: Artemis!E92F641A7F27
K7AntiVirus: Trojan ( 005ab3ba1 )
K7GW: Trojan ( 005ab3ba1 )
ESET-NOD32: a variant of Win32/TrojanDownloader.Rugmi.AAN
Avast: Win32:Agent-BDNK [Drp]
Kaspersky: HEUR:Trojan.Win32.Penguish.gen
NANO-Antivirus: Virus.Win32.Gen.ccmw
Tencent: Malware.Win32.Gencirc.11b6b541
Sophos: Mal/Generic-S
Antiy-AVL: Trojan/Win32.Penguish
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Penguish.gen
AVG: Win32:Agent-BDNK [Drp]