popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

InstallSetup6.exe

HermeticWiper NPKI Generic Malware NSIS Suspicious_Script Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus UPX Anti_VM Javascript_Blob PNG Format OS Processor Check CAB JPEG Format PE64 PE File ZIP Format BMP Format icon PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 13, 2023, 10:36 a.m. Nov. 13, 2023, 10:40 a.m.
Size 2.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 c4d534c2279d1e53893f70f6444f1067
SHA256 a87d730dfcffd71a52d820999668657a157a6d4a7f42a442176ea36d1f58fd55
CRC32 4F9CFB62
ssdeep 49152:C72s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hsh:C5zX71oDCRAZUviAHImDqia7hsh
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • NSIS_Installer - Null Soft Installer
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73282000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2684
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00970000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13315702784
free_bytes_available: 13315702784
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13386698752
free_bytes_available: 13386698752
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13466136576
free_bytes_available: 13466136576
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13466136576
free_bytes_available: 13466136576
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13466136576
free_bytes_available: 13466136576
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13466218496
free_bytes_available: 13466218496
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13466218496
free_bytes_available: 13466218496
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13466218496
free_bytes_available: 13466218496
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13464563712
free_bytes_available: 13464563712
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13464563712
free_bytes_available: 13464563712
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13464563712
free_bytes_available: 13464563712
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13464563712
free_bytes_available: 13464563712
root_path: C:
total_number_of_bytes: 34252779520
1 1 0
file C:\Users\test22\AppData\Local\Temp\Broom.exe
file C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
file C:\Users\test22\AppData\Local\Temp\InstallSetup6.exe
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\winamp58_3660_beta_full_en-us[1].exe
file C:\Users\test22\AppData\Local\Temp\Broom.exe
file C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file C:\Users\test22\AppData\Local\Temp\Broom.exe
file C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
file c:\Windows\Temp\fwtsqmfile01.sqm
file C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
file c:\Windows\Temp\fwtsqmfile00.sqm
file C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-7BCB21A1.pf
file C:\Windows\Prefetch\INJECT-X64.EXE-AAEEB6EB.pf
file C:\Windows\Prefetch\Layout.ini
file C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
file C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP
file C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file C:\Windows\Prefetch\SETUP.EXE-A9A86358.pf
file C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
file C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf
file C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
file C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\uglified_jindo[1].js
file C:\Windows\Prefetch\ReadyBoot\Trace9.fx
file C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
file C:\Windows\Prefetch\SETUP-STUB.EXE-8F842224.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
file C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
file C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
file C:\Windows\Prefetch\INSTALLSETUP6.EXE-80040F33.pf
file C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
file C:\Windows\Prefetch\ReadyBoot\Trace1.fx
file C:\Windows\Prefetch\AgGlGlobalHistory.db
file C:\Windows\Prefetch\DEFAULT-BROWSER-AGENT.EXE-01C82E17.pf
file C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
file C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file C:\Windows\Prefetch\ReadyBoot\Trace8.fx
file C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
file C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf
file C:\Windows\Prefetch\MMC.EXE-561C5A40.pf
file C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
file C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
file C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
file C:\Windows\Prefetch\PW.EXE-1D40DDAD.pf
file C:\Windows\Prefetch\BROOM.EXE-C606BCA8.pf
file C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf
file C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000009.log
file C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf
file C:\Windows\Prefetch\PfSvPerfStats.bin
file C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
file C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
file C:\Windows\Prefetch\EDITPLUS.EXE-BB0BC86D.pf
file C:\Windows\Prefetch\INJECT-X86.EXE-6FB1ED76.pf
file C:\Users\test22\AppData\Local\Temp\nszF099.tmp
file C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[10].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\dthumb[3].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\013[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\sprite-20210713@2x[2].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\7028d2d448816aeaab0e_20211029092933036[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\spr_lft_white_150916[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\AdPostInjectAsync[1].nhn
file c:\Windows\Temp\fwtsqmfile01.sqm
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAUKPFFO.jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\m_920_294_0729[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\cropImg_196x196_38699317823237099[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\e84a7e15-e6a9-41ec-9eb7-883e9b5e7249[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\348acc74d7ad9acbdda7_20211101182838273[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\1_237[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favicon[3].png
file C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[9].jpg
file C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
file C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bootstrap.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\desktop.ini
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-1.12.4.min_v1[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\w[1].css
file C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\S6uyw4BMUTPHjx4wWA[1].woff
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\icon_spacer-vflN3BYt2[1].gif
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\3a7f4c4cb962a54fae75_20200728093632144[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\cropImg_728x360_77691188554226350[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\8c9b6e5b-4abb-45c6-9aa7-aa28806e8e84[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js
file C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\adf7905c-28ea-4ddf-93b2-aa96dad57752[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\977[1].png
file C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\015[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAR5WT7S.jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\smart_editor2.me.min.200716[1].css
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\ipsec[3].htm
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\nsd13728808[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\327[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\sample-doc-download[1].htm
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f[2].txt
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\images[1].png
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f1e83251-9248-4d4e-8d2e-d1505a55bc83[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\3de5642a-2629-4625-9a63-d96768537b11[1].jpg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[2].htm
file C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf