popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

deliver.exe

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 11, 2023, 1:51 a.m. Oct. 11, 2023, 1:51 a.m.
Size 34.3MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 6d62f962f2d3fbb718452f1ee915d4d7
SHA256 d56dafddf97b45b67dd864ac0cc692f95ebc8e7f555f57f327a6f7755c173c78
CRC32 15A5D7D7
ssdeep 393216:d76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yf0nVQx4urYsANulL7NP:d0LoCOn+20s4urYDNulLBiuDQE
PDB Path C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75aad08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75aa964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75a94d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75a96f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75a9e825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75a96002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75a95fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75a949e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75a95a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x76f49a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x76f68f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x76f68e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x755c7a25
wscript+0x2fbd @ 0x3f2fbd
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x75ac3ef4
registers.esp: 1768236
registers.edi: 0
registers.eax: 40209576
registers.ebp: 1768264
registers.edx: 1
registers.ebx: 0
registers.esi: 5289224
registers.ecx: 1932080604
1 0 0
Bkav W32.AIDetectMalware.64
Zillya Trojan.Agent.Win32.2853154
K7AntiVirus Trojan ( 005aa6b21 )
K7GW Trojan ( 005aa6b21 )
Cyren W64/Discord.K.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 JS/TrojanDropper.Agent.PGC
Kaspersky UDS:Trojan.PowerShell.Reflector
Avast Win64:Malware-gen
Tencent Js.Virus.Drop.Vimw
Sophos Mal/Generic-S
F-Secure Malware.JS/Drop.Agent.crwrb
McAfee-GW-Edition Artemis
Avira JS/Drop.Agent.crwrb
Antiy-AVL Trojan[Dropper]/JS.Agent
Xcitium Malware@#ggcoom837ou2
Microsoft Trojan:Win32/Synder!ic
Google Detected
AhnLab-V3 Malware/Win.Generic.C5476359
Rising Dropper.Agent/JS!8.126A2 (CLOUD)
Ikarus Trojan-Dropper.JS.Agent
Fortinet JS/Agent.PGC!tr
AVG Win64:Malware-gen
DeepInstinct MALICIOUS