Summary | ZeroBOX

deliver.exe

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 11, 2023, 1:51 a.m. Oct. 11, 2023, 1:51 a.m.
Size 34.3MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 6d62f962f2d3fbb718452f1ee915d4d7
SHA256 d56dafddf97b45b67dd864ac0cc692f95ebc8e7f555f57f327a6f7755c173c78
CRC32 15A5D7D7
ssdeep 393216:d76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yf0nVQx4urYsANulL7NP:d0LoCOn+20s4urYDNulLBiuDQE
PDB Path C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb
section _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75aad08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75aa964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75a94d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75a96f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75a9e825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75a96002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75a95fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75a949e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75a95a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x76f49a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x76f68f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x76f68e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x755c7a25
wscript+0x2fbd @ 0x3f2fbd
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x75ac3ef4
registers.esp: 1768236
registers.edi: 0
registers.eax: 40209576
registers.ebp: 1768264
registers.edx: 1
registers.ebx: 0
registers.esi: 5289224
registers.ecx: 1932080604
1 0 0
Bkav W32.AIDetectMalware.64
Zillya Trojan.Agent.Win32.2853154
K7AntiVirus Trojan ( 005aa6b21 )
K7GW Trojan ( 005aa6b21 )
Cyren W64/Discord.K.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 JS/TrojanDropper.Agent.PGC
Kaspersky UDS:Trojan.PowerShell.Reflector
Avast Win64:Malware-gen
Tencent Js.Virus.Drop.Vimw
Sophos Mal/Generic-S
F-Secure Malware.JS/Drop.Agent.crwrb
McAfee-GW-Edition Artemis
Avira JS/Drop.Agent.crwrb
Antiy-AVL Trojan[Dropper]/JS.Agent
Xcitium Malware@#ggcoom837ou2
Microsoft Trojan:Win32/Synder!ic
Google Detected
AhnLab-V3 Malware/Win.Generic.C5476359
Rising Dropper.Agent/JS!8.126A2 (CLOUD)
Ikarus Trojan-Dropper.JS.Agent
Fortinet JS/Agent.PGC!tr
AVG Win64:Malware-gen
DeepInstinct MALICIOUS