Summary | ZeroBOX

etopt.exe

Tags: Emotet, Generic Malware, Malicious Library, UPX, GIF Format, Lnk Format, PNG Format, PE File, DLL, OS Processor Check, PE32, BMP Format
Category  Machine           Started                   Completed
FILE      s1_win7_x6403_us  Dec. 23, 2023, 6:15 p.m.  Dec. 23, 2023, 6:17 p.m.

Size    4.3MB
Type    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5     f77abc2f79780428ca514c0041c8b9e9
SHA256  d02718250398639963db5042756d15f138f518f1f4cea9914a685c7b7e59d325
CRC32   B32788B2
ssdeep  49152:v47OO75f2R6Hjz40wOUNvzsaSSq7tceaMget9WD5W5VN+JCuyz9p7kuc7ioYRpuQ:afAEHbwOGz5ytu/scOoYOQ/n/aiACCdM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status Return Repeated

GetComputerNameW
  computer_name: TEST22-PC
  status 1, return 1, repeated 0

IsDebuggerPresent
  (no arguments)
  as printed: 0 0; the call returned 0, i.e. no debugger was reported

GlobalMemoryStatusEx
  (no arguments)
  status 1, return 1, repeated 0

These three calls expose the hostname, debugger presence and installed physical memory, the usual inputs of an environment check.
section: .ndata (the uninitialised-data section NSIS installers carry; consistent with the Nullsoft Installer file type above)
Time & API / Arguments / Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 496
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x02dc0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  status 1, return 0, repeated 0

NtAllocateVirtualMemory
  process_identifier: 496
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x02dd0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  status 1, return 0, repeated 0

NtAllocateVirtualMemory
  process_identifier: 1236
  region_size: 65536
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000004d50000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffffffffffff
  status 1, return 0, repeated 0

All three allocations are read-write-execute (protection 0x40) and go through the current-process pseudo-handle (-1), so each process is carving out executable memory for itself rather than writing into another process. The 16-digit handle and base address in the third row show that PID 1236 is a 64-bit process, unlike PID 496 (8-digit values, 32-bit), even though the sample itself is PE32.
file C:\Users\test22\AppData\Local\Temp\nsxC0BC.tmp\Checker.dll
file C:\Users\test22\AppData\Local\Temp\nsxC0BC.tmp\Zip.dll
file C:\Program Files (x86)\ClocX\ClocX.exe
file C:\Program Files (x86)\ClocX\uninst.exe
file C:\Program Files (x86)\ClocX\BackupAlarms.bat
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk

The two DLLs under %TEMP%\nsxC0BC.tmp sit in the directory NSIS creates at run time for its plug-in DLLs; the remaining entries are the files the installer writes to Program Files (x86)\ClocX and its Start Menu shortcuts.
Time & API / Arguments / Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 496
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 61440 (0xF000)
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x10001000
  process_handle: 0xffffffff
  status 1, return 0, repeated 0

This call makes a 0xF000-byte range executable at 0x10001000, the first section of a module mapped at 0x10000000 (the default image base for DLLs); the monitor sets its heap_dep_bypass flag, its marker for a region being turned executable after the fact. This is the point at which an in-memory unpacker typically finishes writing code and flips the page protection, so this region is the one to dump if you want the unpacked code.
Time & API / Arguments / Status Return Repeated

NtQuerySystemInformation
  information_class: 76 (SystemFirmwareTableInformation)
  as printed: 3221225507 0; the return value 3221225507 is 0xC0000023, STATUS_BUFFER_TOO_SMALL

SystemFirmwareTableInformation is the native path behind GetSystemFirmwareTable and EnumSystemFirmwareTables, i.e. a read of the SMBIOS or ACPI tables, which is where a hypervisor's vendor strings show up. STATUS_BUFFER_TOO_SMALL on the first call is the normal size probe (the caller passes a small buffer to learn the required length), so this failure does not mean the check was abandoned; look for the second, correctly sized call in the full log before drawing that conclusion.
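To turn rows like the ones above into a repeatable check, here is an added triage script; it is not ZeroBOX code. It classifies NtAllocateVirtualMemory, NtProtectVirtualMemory and NtQuerySystemInformation rows into RWX allocations, protection changes to executable and firmware-table queries, reads the process bitness off the printed pseudo-handle, and decodes the decimal NTSTATUS the sandbox prints. SAMPLE_CALLS is constructed from this report's rows; the tag names, the NTSTATUS table and the size-probe heuristic are this example's own.

```python
"""Triage of Cuckoo/ZeroBOX behaviour rows for executable-memory and
firmware-table activity.

Added example for this report; it is not ZeroBOX code.  SAMPLE_CALLS is
constructed from the API rows in the report above (one dict per row, field
names as the report prints them); rows that lack a field simply omit it.
"""

# PAGE_* protection constants (winnt.h)
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE_PROTECTIONS = {PAGE_EXECUTE, PAGE_EXECUTE_READ,
                          PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# SYSTEM_INFORMATION_CLASS value that exposes SMBIOS/ACPI tables to user mode
SYSTEM_FIRMWARE_TABLE_INFORMATION = 76

NTSTATUS_NAMES = {  # small subset, enough for this report
    0x00000000: "STATUS_SUCCESS",
    0xC0000004: "STATUS_INFO_LENGTH_MISMATCH",
    0xC0000023: "STATUS_BUFFER_TOO_SMALL",
}

SAMPLE_CALLS = [  # constructed from the report's rows
    {"api": "NtAllocateVirtualMemory", "return": 0,
     "args": {"process_identifier": 496, "region_size": 4096, "protection": 64,
              "base_address": "0x02dc0000", "allocation_type": 12288,
              "process_handle": "0xffffffff"}},
    {"api": "NtAllocateVirtualMemory", "return": 0,
     "args": {"process_identifier": 1236, "region_size": 65536, "protection": 64,
              "base_address": "0x0000000004d50000", "allocation_type": 4096,
              "process_handle": "0xffffffffffffffff"}},
    {"api": "NtProtectVirtualMemory", "return": 0,
     "args": {"process_identifier": 496, "length": 61440, "protection": 32,
              "base_address": "0x10001000", "process_handle": "0xffffffff",
              "heap_dep_bypass": 1}},
    {"api": "NtQuerySystemInformation", "return": 3221225507,
     "args": {"information_class": 76}},
    {"api": "IsDebuggerPresent", "return": 0, "args": {}},
]


def ntstatus_name(value):
    """Map the decimal NTSTATUS the sandbox prints to its symbolic name."""
    value &= 0xFFFFFFFF
    return f"{NTSTATUS_NAMES.get(value, 'UNKNOWN')} (0x{value:08X})"


def handle_bitness(handle):
    """Pointer width of the calling process, read off the printed handle:
    -1 renders as 0xffffffff in a 32-bit process, 0xffffffffffffffff in 64-bit."""
    return 64 if len(handle[2:]) > 8 else 32


def is_self_handle(handle):
    """GetCurrentProcess() is the all-ones pseudo-handle; anything else
    targets another process (possible injection)."""
    digits = handle[2:]
    return int(digits, 16) == (1 << (4 * len(digits))) - 1


def triage(calls):
    """Return (pid, tag, detail) tuples for the patterns worth a second look."""
    findings = []
    for call in calls:
        api, args, ret = call["api"], call["args"], call["return"]
        pid = args.get("process_identifier")
        if api == "NtAllocateVirtualMemory" and args.get("protection") == PAGE_EXECUTE_READWRITE:
            handle = args["process_handle"]
            target = "own" if is_self_handle(handle) else "remote"
            findings.append((pid, "rwx-alloc",
                             f"{args['region_size']} bytes RWX at {args['base_address']} "
                             f"in {target} {handle_bitness(handle)}-bit process"))
        elif api == "NtProtectVirtualMemory" and args.get("protection") in EXECUTABLE_PROTECTIONS:
            note = " (heap_dep_bypass)" if args.get("heap_dep_bypass") else ""
            findings.append((pid, "make-executable",
                             f"{args['length']} bytes at {args['base_address']} "
                             f"-> 0x{args['protection']:02x}{note}"))
        elif (api == "NtQuerySystemInformation"
              and args.get("information_class") == SYSTEM_FIRMWARE_TABLE_INFORMATION):
            # BUFFER_TOO_SMALL on this class is the size probe, not a real failure
            probe = " (size probe: expect a second call)" if (ret & 0xFFFFFFFF) == 0xC0000023 else ""
            findings.append((pid, "firmware-table-query",
                             f"SystemFirmwareTableInformation returned {ntstatus_name(ret)}{probe}"))
    return findings


def summarize(calls):
    """Per-PID sorted list of distinct tags, for a one-glance verdict."""
    per_pid = {}
    for pid, tag, _ in triage(calls):
        per_pid.setdefault(pid, set()).add(tag)
    return {pid: sorted(tags) for pid, tags in per_pid.items()}


if __name__ == "__main__":
    for pid, tag, detail in triage(SAMPLE_CALLS):
        print(f"pid={pid} {tag}: {detail}")
    print(summarize(SAMPLE_CALLS))
```

On this report the script tags PID 496 with both an RWX allocation and a later make-executable change, PID 1236 with an RWX allocation in a 64-bit process, and the firmware-table row as a size probe rather than a failed check. Feeding it a full behaviour log (the same dict shape per row) is what turns the "look for the second call" caveat into an automatic test.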
Antivirus results (vendor / result)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
Skyhigh BehavesLike.Win32.Dropper.rc
McAfee Artemis!F77ABC2F7978
Malwarebytes Malware.AI.2169619911
Sangfor Trojan.Win32.Agent.Vwdw
CrowdStrike win/grayware_confidence_60% (D)
BitDefenderTheta Gen:NN.ZedlaF.36608.eu4@amokn7bi
VirIT Trojan.Win32.Genus.USB
ESET-NOD32 a variant of Generik.MSLPCFD
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Agent.gen
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan.Agent.Qimw
Sophos Generic Reputation PUA (PUA)
TrendMicro Trojan.Win32.GULOADER.YXDLVZ
Trapmine malicious.moderate.ml.score
Kingsoft Win32.Trojan.Agent.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft Trojan.Win32.Agent.sa
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
GData Win32.Trojan.Agent.OWAC8H
Cylance unsafe
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDLVZ
Rising Trojan.Generic@AI.83 (RDML:THUhSjDOlAWLzbXTVpoQVQ)
AVG Win32:Evo-gen [Trj]
DeepInstinct MALICIOUS