Summary | ZeroBOX

ReklamX.ps1

Generic Malware Antivirus
Category: FILE
Machine: s1_win7_x6402
Started: Oct. 8, 2023, 12:01 p.m.
Completed: Oct. 8, 2023, 12:04 p.m.
Size 221.1KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 17ca355294ec4a7f4d58438aa2d5689a
SHA256 5e06c4a5affdbe948ad2a924e652f195b3c5e423eb82a7a542a8036cce8d7723
CRC32 D78BBE36
ssdeep 3072:tAeXbtiLC0WR5X3Vw+HZp9hCyYtY7eeoXVCOljQdMhvSWm8+B0RjcGd1F9h/IleA:KeXbT0WRtVR5p9hCy9qvJljQdMhvFuX
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x050741e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6 (PUBLICKEYBLOB)
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x050741e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6 (PUBLICKEYBLOB)
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x050741e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6 (PUBLICKEYBLOB)
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x050741e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6 (PUBLICKEYBLOB)
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026bb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026cf000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06310000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06490000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06491000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06492000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06493000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
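The API records above are a flattened sandbox trace, and the questions a reviewer asks of them (which calls commit RWX pages, whether those commits fall inside an earlier RWX reservation, and what the CryptExportKey calls actually handed back) can be answered mechanically. The following Python script is an added example, not part of the ZeroBOX report or of the analysed sample: it parses records in the page's own layout (API name, `key: value` argument lines, then the Status/Return/Repeated triple named in the table header) and runs over a subset of the records above embedded as its input. The Win32 constants and blob-type names are from winnt.h and wincrypt.h; treating a buffer logged as `<INVALID POINTER>` as a NULL output buffer (the length query the CryptExportKey contract describes) is this script's assumption, not something the report states.

```python
"""Triage helper for flattened sandbox API records (added example, not part of
the ZeroBOX report). Each record is: API name, "key: value" argument lines,
then the Status/Return/Repeated triple named in the table header. SAMPLE is
copied from the records above, trimmed to the fields this script reads."""
import re
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40              # winnt.h; logged above as 64
MEM_COMMIT, MEM_RESERVE = 0x1000, 0x2000   # winnt.h; logged as 4096 / 8192
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB"}  # wincrypt.h

SAMPLE = """\
CryptExportKey
buffer: <INVALID POINTER>
crypto_handle: 0x050741e0
blob_type: 6
1 1 0

NtAllocateVirtualMemory
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026bb000
allocation_type: 4096 (MEM_COMMIT)
1 0 0

NtAllocateVirtualMemory
region_size: 1835008
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06310000
allocation_type: 8192 (MEM_RESERVE)
1 0 0

NtAllocateVirtualMemory
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06490000
allocation_type: 4096 (MEM_COMMIT)
1 0 0

NtAllocateVirtualMemory
region_size: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x06493000
allocation_type: 4096 (MEM_COMMIT)
1 0 0
"""

@dataclass
class Call:
    api: str
    args: dict
    status: int    # 1 = the hooked call succeeded
    ret: int       # raw return value (BOOL for CryptExportKey, NTSTATUS for Nt*)
    repeated: int  # duplicate calls the sandbox collapsed into this record

def parse_calls(text):
    """Split blank-line separated records into Call objects."""
    calls = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        args = {k.strip(): v.strip() for k, v in (ln.split(":", 1) for ln in lines[1:-1])}
        status, ret, repeated = (int(x) for x in lines[-1].split())
        calls.append(Call(lines[0], args, status, ret, repeated))
    return calls

def num(value):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x06310000' -> 0x6310000."""
    return int(value.split()[0], 0)

def rwx_allocations(calls):
    """Successful NtAllocateVirtualMemory calls asking for RWX protection,
    returned as two (base, size) lists: reservations and commits."""
    reserves, commits = [], []
    for c in calls:
        if c.api != "NtAllocateVirtualMemory" or c.status != 1:
            continue
        if num(c.args["protection"]) != PAGE_EXECUTE_READWRITE:
            continue
        region = (num(c.args["base_address"]), num(c.args["region_size"]))
        atype = num(c.args["allocation_type"])
        if atype & MEM_RESERVE:
            reserves.append(region)
        if atype & MEM_COMMIT:
            commits.append(region)
    return reserves, commits

def commits_inside_reserve(reserves, commits):
    """(base, size, reserve_base) for commits lying wholly inside a reservation."""
    return [(b, s, rb) for b, s in commits for rb, rs in reserves
            if rb <= b and b + s <= rb + rs]

def unread_key_exports(calls):
    """CryptExportKey calls whose output buffer the monitor could not read.
    Assumption: "<INVALID POINTER>" is a NULL pbData, i.e. the length query
    CryptExportKey documents, so the blob type is known but no key bytes are.
    Returns (crypto_handle, blob type name) pairs."""
    return [(c.args["crypto_handle"], BLOB_TYPES.get(int(c.args["blob_type"]), "?"))
            for c in calls
            if c.api == "CryptExportKey" and c.args.get("buffer") == "<INVALID POINTER>"]
```

On the embedded sample, `commits_inside_reserve` reports the 4 KiB commits at 0x06490000 and 0x06493000 as lying inside the 1,835,008-byte reservation at 0x06310000 and the commit at 0x026bb000 as outside it; fed the full table above, the 0x06491000 and 0x06492000 commits land inside as well, since that reservation extends to 0x064d0000. `unread_key_exports` shows that each CryptExportKey call asked for a PUBLICKEYBLOB on handle 0x050741e0 without a buffer the monitor could capture, so no key material is recoverable from this trace; a reviewer who needs the blob has to look for a later call against the same handle with a real buffer.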
FireEye Heur.BZC.PZQ.Pantera.140.751818AF
ALYac Heur.BZC.PZQ.Pantera.140.751818AF
Arcabit Heur.BZC.PZQ.Pantera.140.751818AF
Symantec Backdoor.ASync!gm
ESET-NOD32 MSIL/Agent.CFQ
Avast Script:SNH-gen [Trj]
Kaspersky HEUR:Trojan.PowerShell.Kryptik.gen
BitDefender Heur.BZC.PZQ.Pantera.140.751818AF
MicroWorld-eScan Heur.BZC.PZQ.Pantera.140.751818AF
Tencent Win32.Trojan.Kryptik.Jajl
Emsisoft Heur.BZC.PZQ.Pantera.140.751818AF (B)
VIPRE Heur.BZC.PZQ.Pantera.140.751818AF
Ikarus Trojan.MSIL.Agent
Google Detected
Microsoft Trojan:Win32/Znyonm
ViRobot HTML.Z.Agent.226446
ZoneAlarm HEUR:Trojan.PowerShell.Kryptik.gen
GData Heur.BZC.PZQ.Pantera.140.751818AF
Varist ABRisk.XPMM-6
MAX malware (ai score=83)
AVG Script:SNH-gen [Trj]