Summary | ZeroBOX

ACR.exe

Tags: Malicious Library, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Nov. 12, 2023, 2:36 p.m.
Completed Nov. 12, 2023, 2:44 p.m.
Size 315.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4247de093585ea6db6b6c520ca81247d
SHA256 f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f
CRC32 8E238E3B
ssdeep 6144:qJR3JY53d1R0vyZyBgCI3YhOaxHnp0CHnAWxZ+IAOGu+3EA:1s+qpnp7hrgu/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
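The IsPE32 and UPX_Zero tags above come from static header checks. The Python below is added here as an example; it is not ZeroBOX code and not part of its rule set. It performs the checks a reviewer would use to confirm those two tags on a sample: parse the COFF and section headers, confirm the i386 machine type, and test the three UPX traits (UPX0/UPX1 section names, entry point inside UPX1 where the decompression stub sits, and a UPX0 section with no raw data). The PE headers it runs on are constructed inside the block, not bytes from ACR.exe; pass a file path to check a real sample.

```python
"""Static PE checks behind 'IsPE32' / 'UPX packed file' style verdicts.

Added example; not ZeroBOX's code. The sample headers at the bottom are
constructed in memory and contain no code.
"""
import struct
import sys

# Offsets and sizes fixed by the PE/COFF specification.
DOS_E_LFANEW = 0x3C
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
IMAGE_FILE_MACHINE_I386 = 0x14C


def parse_pe(data):
    """Return (machine, entry_point_rva, sections) for a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, DOS_E_LFANEW)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 4 + COFF_HEADER_SIZE
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections = []
    sec_off = opt_off + opt_size                # section table follows the optional header
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_off + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return machine, entry_rva, sections


def upx_indicators(data):
    """Individual findings a 'UPX packed' verdict is built from."""
    machine, entry_rva, sections = parse_pe(data)
    names = [s["name"] for s in sections]
    entry_sec = next((s for s in sections
                      if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"])), None)
    upx0 = next((s for s in sections if s["name"] == "UPX0"), None)
    return {
        "is_pe32": machine == IMAGE_FILE_MACHINE_I386,
        "upx_section_names": any(n.startswith("UPX") for n in names),
        # The decompression stub is at the end of UPX1, so the entry point lands there.
        "entry_in_upx1": entry_sec is not None and entry_sec["name"] == "UPX1",
        # UPX0 is an empty virtual region the stub decompresses the original image into.
        "upx0_has_no_raw_data": upx0 is not None and upx0["raw_size"] == 0,
        "section_names": names,
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return ind["upx_section_names"] and ind["entry_in_upx1"] and ind["upx0_has_no_raw_data"]


def build_sample_pe(section_specs, entry_rva):
    """Constructed minimal PE32 header (no code) used to exercise the checks above."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, DOS_E_LFANEW, 64)
    opt_size = 0xE0                                   # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(section_specs), 0, 0, 0,
                       opt_size, 0x0102)              # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)        # AddressOfEntryPoint
    secs = b"".join(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, raw,
                                0, 0, 0, 0, 0, 0x60000020)
                    for name, va, vsize, raw in section_specs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


# (name, VirtualAddress, VirtualSize, SizeOfRawData); layout typical of a UPX'd PE32.
UPX_SAMPLE = build_sample_pe([(b"UPX0", 0x1000, 0x40000, 0),
                              (b"UPX1", 0x41000, 0x10000, 0xF000),
                              (b".rsrc", 0x51000, 0x2000, 0x2000)], entry_rva=0x4F000)
PLAIN_SAMPLE = build_sample_pe([(b".text", 0x1000, 0x20000, 0x20000),
                                (b".data", 0x21000, 0x4000, 0x1000)], entry_rva=0x1100)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else UPX_SAMPLE
    for key, value in upx_indicators(data).items():
        print(f"{key}: {value}")
```

Section names are trivially renamed, so a negative result does not prove a binary is unpacked; the combination of UPX-named sections, an entry point in UPX1 and an empty UPX0 is the signal a rule like UPX_Zero relies on, and on a file that matches all three, `upx -d` normally recovers the original image for further analysis.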

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted by name; all traffic went directly to an IP address.
IP Address Status Action
45.61.136.124 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Status / Return / Repeated)

GetComputerNameA
  computer_name: TEST22-PC
  Status 1, Return 1, Repeated 0

GlobalMemoryStatusEx
  (no arguments logged)
  Status 1, Return 1, Repeated 0
Network signature hits
suspicious_features: POST method with no referer header, Connection to IP address
suspicious_request: POST http://45.61.136.124/Up
suspicious_features: POST method with no referer header, Connection to IP address
suspicious_request: POST http://45.61.136.124/Up/b
request: POST http://45.61.136.124/Up
request: POST http://45.61.136.124/Up/b
request: POST http://45.61.136.124/Up
request: POST http://45.61.136.124/Up/b
Sensitive files accessed (Chromium-based browser profiles, wallet directories) and host contacted
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data
file C:\Users\test22\AppData\Local\Chromium\User Data
file C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data
file C:\Users\test22\AppData\Local\Nichrome\User Data
host 45.61.136.124
file C:\Users\test22\AppData\Roaming\Bitcoin\wallets
file C:\Users\test22\AppData\Roaming\Electrum\wallets
RegSetValueExA
  key_handle: 0x000002bc
  regkey_r: ProxyEnable
  reg_type: 4 (REG_DWORD)
  value: 0
  regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
  Status 1, Return 0, Repeated 0
  (Sets ProxyEnable=0 in the current user's WinINet settings, switching off any configured user proxy so the sample's HTTP requests go out directly. A process that disables the proxy immediately before POSTing to a bare IP is worth a detection rule on its own.)
FTP/IM client configuration files and Exodus wallet accessed
file C:\Users\test22\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\test22\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
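Taken together, the behaviour above (reads of Chromium profile databases, wallet directories and FTP/IM client configs, ProxyEnable set to 0, then POSTs to a bare IP with no Referer) is the profile of an infostealer exfiltrating harvested data. The Python below is added as an example, not a ZeroBOX signature: it turns that pattern into triage logic and runs it over a behaviour log constructed from the report's own paths and requests. The one-event-per-line log format, the regexes and the verdict thresholds are this example's assumptions.

```python
"""Stealer triage over a Cuckoo/ZeroBOX-style behaviour log.

Added example, not ZeroBOX code. SAMPLE_LOG is constructed from the
artefacts listed in the report above; the categories and verdict logic
are this example's own heuristics.
"""
import re

# Constructed sample log: "<event_type> <value>" per line, mirroring the report.
SAMPLE_LOG = r"""
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Chromium\User Data
file C:\Users\test22\AppData\Roaming\Bitcoin\wallets
file C:\Users\test22\AppData\Roaming\Electrum\wallets
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
file C:\Users\test22\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\test22\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
request POST http://45.61.136.124/Up
request POST http://45.61.136.124/Up/b
regset HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable=0
"""

# Data a stealer harvests, keyed to the artefacts in the report (example regexes).
CATEGORIES = {
    "browser_credentials": re.compile(
        r"\\User Data\\(?:Default\\)?(?:Network\\)?(?:Login Data|Cookies|Web Data)$"
        r"|\\User Data\\Local State$", re.IGNORECASE),
    "crypto_wallets": re.compile(
        r"\\(?:Bitcoin|Electrum)\\wallets$|\\Exodus\\exodus\.wallet$", re.IGNORECASE),
    "ftp_im_configs": re.compile(
        r"\\FileZilla\\filezilla\.xml$|\\GHISLER\\wcx_ftp\.ini$|\\\.purple\\accounts\.xml$",
        re.IGNORECASE),
}
# POST to a URL whose host is a literal IPv4 address: the report's "Connection to IP address".
POST_TO_IP = re.compile(r"^POST\s+https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(/\S*)?$")
PROXY_ENABLE = re.compile(r"\\Internet Settings\\ProxyEnable=(\d+)$", re.IGNORECASE)


def parse_log(text):
    """Split the log into (event_type, value) pairs; values may contain spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            kind, _, value = line.partition(" ")
            events.append((kind, value))
    return events


def triage(text):
    """Summarise which stealer traits the log shows and return a verdict."""
    hits = {name: [] for name in CATEGORIES}
    c2_ips, c2_paths, proxy_disabled = set(), [], False
    for kind, value in parse_log(text):
        if kind == "file":
            for name, rx in CATEGORIES.items():
                if rx.search(value):
                    hits[name].append(value)
        elif kind == "request":
            m = POST_TO_IP.match(value)
            if m:
                c2_ips.add(m.group(1))
                c2_paths.append(m.group(2) or "/")
        elif kind == "regset":
            m = PROXY_ENABLE.search(value)
            if m and m.group(1) == "0":
                proxy_disabled = True
    harvested = [name for name, paths in hits.items() if paths]
    # Credential/wallet reads plus a POST straight to an IP is the exfiltration
    # pattern of an infostealer; either trait alone is only suspicious.
    if harvested and c2_ips:
        verdict = "infostealer (harvest + exfil)"
    elif harvested:
        verdict = "suspicious: sensitive stores read, no exfil seen"
    elif c2_ips:
        verdict = "suspicious: POST to bare IP"
    else:
        verdict = "no stealer traits"
    return {"hits": hits, "harvested": harvested, "c2_ips": sorted(c2_ips),
            "c2_paths": c2_paths, "proxy_disabled": proxy_disabled, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["verdict"])
    for name in result["harvested"]:
        print(f"  {name}: {len(result['hits'][name])} path(s)")
    print("  C2:", ", ".join(result["c2_ips"]), result["c2_paths"],
          "proxy disabled:", result["proxy_disabled"])
```

The bare directory reads (Chromium\User Data, Nichrome, ChromePlus) are deliberately not counted: enumerating a profile folder is weaker evidence than opening Login Data or Cookies, and counting only the databases keeps the rule from firing on backup and sync tools. Feed the same function a log from a benign run to confirm it stays at "no stealer traits" before deploying the regexes anywhere.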