Summary | ZeroBOX

ReklamX.ps1

Category FILE
Machine s1_win7_x6401
Started Oct. 10, 2023, 10:27 a.m.
Completed Oct. 10, 2023, 10:29 a.m.
Size 219.1KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 39aa0004099949044f6e47835101653d
SHA256 a268f91862c218d3abe907af2956177e6f0990df2186546bee6150072a7c5c98
CRC32 C696E048
ssdeep 3072:fzE4koyAWy4WYiBiHEMadxawPp4wVTwjQdMhvSWm8+B0RjcGd1F9h/IleqxEAY5d:7E4k+WPWYiIkMadxaIp4uwjQdMhvFum
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

CryptExportKey
    buffer: <INVALID POINTER>
    crypto_handle: 0x0071cfa0
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    Status: 1  Return: 1  Repeated: 0

CryptExportKey
    buffer: <INVALID POINTER>
    crypto_handle: 0x0071cfa0
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    Status: 1  Return: 1  Repeated: 0

CryptExportKey
    buffer: <INVALID POINTER>
    crypto_handle: 0x0071cfa0
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    Status: 1  Return: 1  Repeated: 0

CryptExportKey
    buffer: <INVALID POINTER>
    crypto_handle: 0x0071cfa0
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
    Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x0259b000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x025af000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 983040
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x06390000
    allocation_type: 8192 (MEM_RESERVE)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x06440000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x06441000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x06442000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
    process_identifier: 2548
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x06443000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    Status: 1  Return: 0  Repeated: 0

ALYac Heur.BZC.PZQ.Pantera.147.5989D66E
Symantec Backdoor.ASync!gm
Avast Script:SNH-gen [Trj]
Kaspersky HEUR:Trojan.PowerShell.Kryptik.gen
BitDefender Heur.BZC.PZQ.Pantera.147.5989D66E
MicroWorld-eScan Heur.BZC.PZQ.Pantera.147.5989D66E
Emsisoft Heur.BZC.PZQ.Pantera.147.5989D66E (B)
VIPRE Heur.BZC.PZQ.Pantera.147.5989D66E
FireEye Heur.BZC.PZQ.Pantera.147.5989D66E
Ikarus Trojan.MSIL.Agent
GData Heur.BZC.PZQ.Pantera.147.5989D66E
Arcabit Heur.BZC.PZQ.Pantera.147.5989D66E
ZoneAlarm HEUR:Trojan.PowerShell.Kryptik.gen
MAX malware (ai score=88)
AVG Script:SNH-gen [Trj]