popup
procMemory | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Process Memory

Process memory dump for LjYLHSho7Xgoi1P.exe (PID 2840, dump 1)

Extracted/injected images (may contain unpacked executables)
Download #1
Download #2

Yara signatures matches on process memory

Match: Win_Trojan_AgentTesla_M_B_Zero

  • XAB1AHYAbgBjACAAYgB2AGIAYQBcAFUAbAB0AHIAYQBWAE4AQwBcAHUAbAB0AHIAYQB2AG4AYwAuAGkAbgBpAA== (\uvnc bvba\UltraVNC\ultravnc.ini)
  • XABPAHAAZQByAGEAIABNAGEAaQBsAFwATwBwAGUAcgBhACAATQBhAGkAbABcAHcAYQBuAGQALgBkAGEAdAA= (\Opera Mail\Opera Mail\wand.dat)
  • XABUAHIAaQBsAGwAaQBhAG4AXAB1AHMAZQByAHMAXABnAGwAbwBiAGEAbABcAGEAYwBjAG8AdQBuAHQAcwAuAGQAYQB0AA== (\Trillian\users\global\accounts.dat)

Match: Generic_PWS_Memory_Zero

  • UGFzc3dvcmQ= (Password)
  • cGFzc3dvcmQ= (password)

Match: Network_SMTP_dotNet

  • U210cENsaWVudA== (SmtpClient)
  • U3lzdGVtLk5ldC5NYWls (System.Net.Mail)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: anti_dbg

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S2VybmVsMzIuZGxs (Kernel32.dll)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • VXNlcjMyLmRsbA== (User32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: KeyLogger

  • R2V0S2V5U3RhdGU= (GetKeyState)
  • VXNlcjMyLmRsbA== (User32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)