popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

audiogse.exe

NSIS Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 5, 2023, 4:59 p.m. Oct. 5, 2023, 5:04 p.m.
Size 324.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 fc22fadc862dd0a5b07210a9255025b0
SHA256 92a11969793b832918bec3384ffadd4c626a7888d97454f4790529566d462022
CRC32 CBD71027
ssdeep 6144:unPdudwD6zVofFvpjjfou/W0P8GAj5KKF92pcnj564O+G4N1H84f3:unPd2xofFv5UuOKK/j56eG4/8e3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • NSIS_Installer - Null Soft Installer
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xffd7f150
registers.esp: 4324172
registers.edi: 0
registers.eax: 1968976824
registers.ebp: 4324180
registers.edx: 4292342096
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732a2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00250000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00260000
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\dmnvd.exe
file C:\Users\test22\AppData\Local\Temp\dmnvd.exe
file C:\Users\test22\AppData\Local\Temp\dmnvd.exe
Process injection Process 2628 called NtSetContextThread to modify thread in remote process 2692
Time & API Arguments Status Return Repeated

NtSetContextThread

 registers.eip: 1995571652
registers.esp: 4324272
registers.edi: 0
registers.eax: 848208
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000006c
process_identifier: 2692
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Strab.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Nemesis.1781
ALYac Gen:Variant.Jaik.182440
Malwarebytes Generic.Malware/Suspicious
VIPRE Gen:Variant.Nemesis.1781
Sangfor Trojan.Win32.Agent.Vipl
Cybereason malicious.6fc870
Arcabit Trojan.Nemesis.D6F5 [many]
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan.Win32.Strab.gen
BitDefender Gen:Variant.Nemesis.1781
Avast FileRepMalware [Pws]
Emsisoft Gen:Variant.Nemesis.1781 (B)
F-Secure Heuristic.HEUR/AGEN.1337940
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
FireEye Generic.mg.fc22fadc862dd0a5
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Fsysna.pez
Avira HEUR/AGEN.1337940
MAX malware (ai score=85)
Kingsoft malware.kb.a.990
Gridinsoft Trojan.Win32.Kryptik.oa!s1
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.NSISX.Spy.Gen.24
Google Detected
AhnLab-V3 Win-Trojan/Gandcrab08.Exp
McAfee Artemis!FC22FADC862D
Cylance unsafe
Rising Trojan.Generic@AI.98 (RDML:K9I6tGuItVwNcummmMR/AA)
Ikarus Trojan.NSIS.Agent
BitDefenderTheta Gen:NN.ZexaF.36738.kuW@aKQ@umii
AVG FileRepMalware [Pws]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)