Summary | ZeroBOX

ReklamX.ps1

Generic
Category: FILE
Machine: s1_win7_x6401
Started: Oct. 6, 2023, 1:54 p.m.
Completed: Oct. 6, 2023, 1:56 p.m.
Size: 223.1KB
Type: ASCII text, with very long lines, with CRLF line terminators
MD5: 4529da5fd57f762d9286c19c609f015c
SHA256: 81941fa1afd3f3ba8b7effd06da74d2ef11c05122e7276a105f220c9d77c286a
CRC32: 9DFB6697
ssdeep: 3072:tYGoH3ZiTt9WcuMRHm/95KQHFrLO4zVCdSjQdMhvSWm8+B0RjcGd1F9h/IleqxE0:CGoHITt9WcuSG/95KwZPSSjQdMhvFuX
Yara: None matched

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

CryptExportKey
buffer: <INVALID POINTER>
crypto_handle: 0x006ed5f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
Status: 1  Return: 1  Repeated: 0

CryptExportKey
buffer: <INVALID POINTER>
crypto_handle: 0x006ed5f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
Status: 1  Return: 1  Repeated: 0

CryptExportKey
buffer: <INVALID POINTER>
crypto_handle: 0x006ed5f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
Status: 1  Return: 1  Repeated: 0

CryptExportKey
buffer: <INVALID POINTER>
crypto_handle: 0x006ed5f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0275b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0276f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x063f0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06550000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06551000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06552000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06553000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
Antivirus
ALYac: Heur.BZC.PZQ.Pantera.140.732044B9
Arcabit: Heur.BZC.PZQ.Pantera.140.732044B9
Symantec: Backdoor.ASync!gm
Avast: Script:SNH-gen [Trj]
Kaspersky: HEUR:Trojan.PowerShell.Kryptik.gen
BitDefender: Heur.BZC.PZQ.Pantera.140.732044B9
MicroWorld-eScan: Heur.BZC.PZQ.Pantera.140.732044B9
Emsisoft: Heur.BZC.PZQ.Pantera.140.732044B9 (B)
VIPRE: Heur.BZC.PZQ.Pantera.140.732044B9
FireEye: Heur.BZC.PZQ.Pantera.140.732044B9
Ikarus: Trojan.MSIL.Agent
ZoneAlarm: HEUR:Trojan.PowerShell.Kryptik.gen
GData: Heur.BZC.PZQ.Pantera.140.732044B9
MAX: malware (ai score=89)
AVG: Script:SNH-gen [Trj]