Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 1, 2023, 5:15 p.m.	Oct. 1, 2023, 5:17 p.m.

Size	348.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`ff5073e7ca0e1ec86ee0268f040af237`
SHA256	`8b8f90243e714bc9f2f2bdd1a70bd0f884b7915aa7d04bb456603ae82e871e8d`
CRC32	`F371FA3C`
ssdeep	`6144:GnPdudwDNA/zUz6mvUwSaLHqhcSB6xhyLWshdUDBweVyP2IjksQNFFa8/SLm:GnPdZ8U9UwS6OcKAoTUl6fksG`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 1, 2023, 5:15 p.m.		1	1	0

section

.ndata

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 1, 2023, 5:15 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0xffd7f0e0 registers.esp: 4390292 registers.edi: 0 registers.eax: 1968976824 registers.ebp: 4390300 registers.edx: 4292341984 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1	0	0

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 1, 2023, 5:15 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 1, 2023, 5:15 p.m.	process_identifier: 2656 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00520000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 1, 2023, 5:15 p.m.	process_identifier: 2656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00530000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

file	C:\Users\test22\AppData\Local\Temp\tjwcbu.exe

file	C:\Users\test22\AppData\Local\Temp\tjwcbu.exe

file	C:\Users\test22\AppData\Local\Temp\tjwcbu.exe

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2656 called NtSetContextThread to modify thread in remote process 2708
NtSetContextThread Oct. 1, 2023, 5:15 p.m.	registers.eip: 1995571652 registers.esp: 4390392 registers.edi: 0 registers.eax: 848096 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000000cc process_identifier: 2708	1	0	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Strab.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.NSISX.Spy.Gen.24
McAfee	Artemis!FF5073E7CA0E
Malwarebytes	Trojan.Injector
Sangfor	Spyware.Win32.Injector.V3jn
K7AntiVirus	Trojan ( 005abde11 )
Alibaba	Trojan:Win32/Strab.940d2679
K7GW	Trojan ( 005abde11 )
Cybereason	malicious.ce5e06
Arcabit	Trojan.NSISX.Spy.Gen.24 [many]
BitDefenderTheta	Gen:NN.ZexaF.36738.muW@aqNo5cbi
Cyren	W32/Kryptik.KSY.gen!Eldorado
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Injector.ETIL
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Strab.gen
BitDefender	Trojan.NSISX.Spy.Gen.24
Avast	Win32:AdwareX-gen [Adw]
Emsisoft	Trojan.NSISX.Spy.Gen.24 (B)
F-Secure	Heuristic.HEUR/AGEN.1318984
DrWeb	Trojan.Loader.1550
VIPRE	Trojan.NSISX.Spy.Gen.24
TrendMicro	TROJ_GEN.R002C0XIT23
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
FireEye	Generic.mg.ff5073e7ca0e1ec8
Sophos	Mal/Generic-S
Jiangmin	Trojan.Fsysna.pez
Webroot	W32.Trojan.NSISX.Spy
Avira	HEUR/AGEN.1337940
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Win32.Injector
Kingsoft	malware.kb.a.971
Gridinsoft	Trojan.Win32.FormBook.bot
Microsoft	Trojan:Win32/FormBook.AFB!MTB
ViRobot	Trojan.Win.Z.Injector.356821
ZoneAlarm	HEUR:Trojan.Win32.Strab.gen
GData	Trojan.NSISX.Spy.Gen.24
Google	Detected
AhnLab-V3	Win-Trojan/Gandcrab08.Exp
ALYac	Gen:Variant.Fragtor.375445
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H0CIT23
Rising	Trojan.Injector!8.C4 (TFE:5:qmDInMxbeCI)
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Injector.ESIU!tr
AVG	Win32:AdwareX-gen [Adw]

borilpokonta2.1.exe