Summary | ZeroBOX

setup.exe

Tags: Malicious Library, PE32, PE File
Category  Machine           Started                   Completed
FILE      s1_win7_x6403_us  Nov. 26, 2023, 1:32 p.m.  Nov. 26, 2023, 1:42 p.m.

Size    7.2MB
Type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5     13c54df3790dbde46fbe989793e21ce7
SHA256  2cc26a714371577628a15d4b25ea23af43995d7d20b2a3fd891db403915e5e69
CRC32   D98B7533
ssdeep  196608:91OMVkbPbPFUEBQXzM14+H22JZu9c7eSL2r5bbk:3OMV0jPOECDMK+W2TXLO5k
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API  Arguments  Status  Return  Repeated

GetComputerNameW
  computer_name: TEST22-PC
  Status / Return / Repeated: 1 1 0

section   .sxdata
packer    Armadillo v1.71
file      C:\Users\test22\AppData\Local\Temp\7zSC186.tmp\Install.exe
file      C:\Users\test22\AppData\Local\Temp\7zSC2DD.tmp\Install.exe
wmi       <INVALID POINTER>

Time & API  Arguments  Status  Return  Repeated

NtProtectVirtualMemory
  process_identifier: 2128
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 1396736
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x10001000
  process_handle: 0xffffffff
  Status / Return / Repeated: 1 0 0

registry  HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Time & API  Arguments  Status  Return  Repeated

WNetGetProviderNameW
  net_type: 0x00250000
  Status / Return / Repeated: 1222 0
Antivirus          Detection
Bkav               W32.AIDetectMalware
MicroWorld-eScan   Gen:Variant.Fragtor.381711
Skyhigh            BehavesLike.Win32.BadFile.wc
McAfee             Artemis!13C54DF3790D
Malwarebytes       Generic.Malware.AI.DDS
Elastic            malicious (high confidence)
ESET-NOD32         a variant of Win32/Adware.Neoreklami.NK
Cynet              Malicious (score: 100)
APEX               Malicious
BitDefender        Gen:Variant.Fragtor.381711
Avast              Win32:Evo-gen [Trj]
Emsisoft           Gen:Variant.Fragtor.381711 (B)
VIPRE              Gen:Variant.Fragtor.381711
Trapmine           malicious.moderate.ml.score
FireEye            Gen:Variant.Fragtor.381711
Ikarus             PUA.Neoreklami
Microsoft          Program:Win32/Wacapew.C!ml
Arcabit            Trojan.Fragtor.D5D30F
GData              Gen:Variant.Fragtor.381711
BitDefenderTheta   Gen:NN.ZexaF.36792.@F0@ayhYARpi
ALYac              Gen:Variant.Fragtor.381711
MAX                malware (ai score=83)
Rising             Malware.Obscure!1.A89F (CLASSIC)
SentinelOne        Static AI - Suspicious SFX
MaxSecure          Trojan.Malware.121218.susgen
Fortinet           Adware/Neoreklami
AVG                Win32:Evo-gen [Trj]
CrowdStrike        win/grayware_confidence_90% (W)