popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

decord.exe

Generic Malware NSIS Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus UPX Anti_VM PNG Format OS Processor Check MZP Format CAB CHM Format .NET EXE JPEG Format PE64 PE File DLL ZIP Format BMP Format icon MSOffice File PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 25, 2023, 5:52 p.m. Nov. 25, 2023, 5:56 p.m.
Size 6.4MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 faa78f58b4f091f8c56ea622d8576703
SHA256 464c7ab944886103d617e334c94320344761a543de5395c6b541ae386b448ea0
CRC32 7C5E6C22
ssdeep 196608:AR4ERFw+DIaY5cI1CmjxOSdKk7lpv3/4AkRKM:ARxR9Y5cI1CmVtVpvgL
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2104
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f21000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2104
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f22000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00720000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00392000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00445000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0044b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00447000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003ac000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2104
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0039a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4161536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02580000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2200
region_size: 9351168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02980000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2300
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 9918099456
free_bytes_available: 9918099456
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 9922334720
free_bytes_available: 9922334720
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10015248384
free_bytes_available: 10015248384
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10015248384
free_bytes_available: 10015248384
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10015244288
free_bytes_available: 10015244288
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10021982208
free_bytes_available: 10021982208
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10021982208
free_bytes_available: 10021982208
root_path: C:
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10021982208
free_bytes_available: 10021982208
root_path: C:
total_number_of_bytes: 34252779520
1 1 0
file C:\Users\test22\AppData\Local\Temp\Broom.exe
file C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
file C:\Users\test22\AppData\Local\Temp\InstallSetup8.exe
file C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
file C:\Users\test22\AppData\Local\Temp\InstallSetup8.exe
file C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
file C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUPUI.DLL
file C:\Users\test22\AppData\Local\Temp\Broom.exe
file C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUP.DLL
file C:\Users\test22\AppData\Local\Temp\decord.exe
file C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUP.DLL
file C:\Users\test22\AppData\Local\Temp\Setup000023ac\ose00000.exe
file C:\Users\test22\AppData\Local\Temp\Setup00000994\ose00000.exe
file C:\Users\test22\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
file C:\Users\test22\AppData\Local\Temp\InstallSetup8.exe
file C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUPUI.DLL
section {u'size_of_data': u'0x0066c200', u'virtual_address': u'0x00002000', u'entropy': 7.985357609183614, u'name': u'.text', u'virtual_size': u'0x0066c154'} entropy 7.98535760918 description A section with a high entropy has been found
entropy 0.999695979327 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file C:\Users\test22\AppData\Local\Temp\InstallSetup8.exe
file C:\Windows\Prefetch\PYTHON.EXE-C663CFDC.pf
file C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-305B5E54.pf
file C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
file C:\Windows\Prefetch\THUNDERBIRD.EXE-A0DA674F.pf
file C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf
file c:\Windows\Temp\fwtsqmfile01.sqm
file C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
file C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
file C:\Windows\Prefetch\GOOGLEUPDATE.EXE-D0E66F4A.pf
file C:\Windows\Prefetch\86.0.4240.111_CHROME_INSTALLE-AF26656A.pf
file C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
file c:\Windows\Temp\fwtsqmfile00.sqm
file C:\Windows\Prefetch\SOFTWARE_REPORTER_TOOL.EXE-EB18F4FF.pf
file C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP
file C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
file C:\Windows\Prefetch\SLUI.EXE-724E99D9.pf
file C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
file C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
file C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
file C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
file C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
file C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf
file C:\Windows\Prefetch\IMKRMIG.EXE-AAA206C5.pf
file C:\Windows\Prefetch\UNPACK200.EXE-E4DF1A4E.pf
file C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
file C:\Windows\Prefetch\7ZFM.EXE-22E64FB8.pf
file C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-B0D5C571.pf
file C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-34B7EAE8.pf
file C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf
file C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
file C:\Windows\Prefetch\AgGlFgAppHistory.db
file C:\Windows\Prefetch\JAVAW.EXE-D0AA8787.pf
file C:\Windows\Prefetch\SSVAGENT.EXE-0CD059B7.pf
file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file C:\Windows\Prefetch\PW.EXE-1D40DDAD.pf
file C:\Windows\Prefetch\OSE.EXE-2B23CA4C.pf
file C:\Windows\Prefetch\INSTALLER.EXE-60163557.pf
file C:\Windows\Prefetch\PINGSENDER.EXE-8E79128B.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
file C:\Windows\Prefetch\AgRobust.db
file C:\Windows\Prefetch\ICACLS.EXE-B19DE1F7.pf
file C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
file C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-BB6760AF.pf
file C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
file C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf
file C:\Users\test22\AppData\Local\Temp\nshC771.tmp
file C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log
file C:\Windows\Prefetch\SNIPPINGTOOL.EXE-EFFDAFDE.pf
file C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\override[1].css
file C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
file C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
file C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log
file C:\Users\test22\AppData\Local\Temp\InstallSetup8.exe
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\desktop.ini
file C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file C:\Users\test22\AppData\Local\Temp\{E7573238-1B24-467B-B5A4-0BE967E0BF64}.tmp
file C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\mnrstrtr[1].js
file C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000026.log
file C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
file C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png
file C:\Windows\Prefetch\RUNDLL32.EXE-8C11D845.pf
file C:\Users\test22\AppData\Local\Temp\Setup00000994\SETUP.CHM
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[2].htm
file C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
file C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-4366A668.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file C:\Windows\Prefetch\AgAppLaunch.db
file C:\Users\test22\AppData\Local\Temp\SetupExe(20180405152131B24).log
file c:\Windows\Temp\TS_7FC6.tmp
file C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
file C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
file C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\AdPostInjectAsync[1].nhn
file C:\Windows\Prefetch\AgGlGlobalHistory.db
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\ipsec[4].htm
file C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\invalidcert[1]
file C:\Windows\Prefetch\DLLHOST.EXE-97F6A314.pf
file C:\Users\test22\AppData\Local\Temp\UserInfoSetup(201804051522349E8).log
file c:\Windows\Temp\TS_88E1.tmp
file C:\Users\test22\AppData\Local\Temp\RD25B7.tmp
file C:\Windows\Prefetch\JAVAWS.EXE-FE17358E.pf
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\554576[1].htm
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\getLoginStatus[2].nhn
file C:\Windows\Prefetch\ELEVATION_SERVICE.EXE-9F359A74.pf
file C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf
file C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf
Bkav W32.Common.0AE0D52F
Lionic Trojan.Win32.ShortLoader.a!c
MicroWorld-eScan IL:Trojan.MSILZilla.9891
Skyhigh BehavesLike.Win32.Generic.vc
McAfee GenericRXOO-YN!FAA78F58B4F0
Cylance unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Ransomware ( 005a8b921 )
Alibaba TrojanDownloader:MSIL/Mokes.2c82ebf7
K7GW Ransomware ( 005a8b921 )
Cybereason malicious.cf298f
Arcabit IL:Trojan.MSILZilla.D26A3
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Agent.UZA
APEX Malicious
Kaspersky HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
BitDefender IL:Trojan.MSILZilla.9891
NANO-Antivirus Trojan.Win32.ShortLoader.keepis
Avast Win32:DropperX-gen [Drp]
Tencent Msil.Trojan-Downloader.Shortloader.Anhl
Sophos Troj/ILAgent-I
F-Secure Heuristic.HEUR/AGEN.1365025
DrWeb Trojan.MulDropNET.43
VIPRE IL:Trojan.MSILZilla.9891
TrendMicro Trojan.Win32.SMOKELOADER.YXDKYZ
Trapmine malicious.high.ml.score
FireEye Generic.mg.faa78f58b4f091f8
Emsisoft IL:Trojan.MSILZilla.9891 (B)
SentinelOne Static AI - Malicious PE
Google Detected
Avira HEUR/AGEN.1365025
Varist W32/MSIL_Kryptik.FFY.gen!Eldorado
Kingsoft MSIL.Trojan-Downloader.ShortLoader.gen
Gridinsoft Trojan.Win32.Glupteba.tr
Microsoft Trojan:MSIL/Mokes.B!MTB
ZoneAlarm HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
GData Win32.Trojan.Agent.PHU5HG
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Generic.C4478643
VBA32 Trojan.MSIL.Injector.gen
ALYac IL:Trojan.MSILZilla.9891
MAX malware (ai score=82)
Malwarebytes Trojan.Crypt.MSIL.Generic
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win32.SMOKELOADER.YXDKYZ
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Ikarus Win32.Outbreak
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/GenKryptik.FFMZ!tr