Summary | ZeroBOX

mm.txt

Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Jan. 2, 2024, 7:37 a.m.
Completed Jan. 2, 2024, 7:46 a.m.
Size 1.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 623d28815c85957bafdd79395e2227c9
SHA256 83395fe7f111fad16d1a69edf49dd0a52b34009930f5746631b1f240dc54e4f3
CRC32 B250A857
ssdeep 12288:zcWl26g/UBlRn5DzZ3TTP+5WkOVHK/H7sx117ksgSh20RUTMkzVSleJHcT/rBMSb:gWgHN8kSszVSlMHcTDBMGr9chBMuk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
154.39.239.56 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status 1 Return 1 Repeated 0
packer Armadillo v1.71
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13323079680
free_bytes_available: 13323079680
root_path: C:\
total_number_of_bytes: 34252779520
Status 1 Return 1 Repeated 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 565248
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x10001000
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
section .data: size_of_data 0x0012ee00, virtual_address 0x00001000, virtual_size 0x0012ed00, entropy 7.29187631057 description A section with a high entropy has been found
entropy 0.999587458746 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x00000268
process_name: mm.txt
process_identifier: 2556
0 0

host 154.39.239.56
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Farfli.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.GenericRI.S26298297
Skyhigh BehavesLike.Win32.Downloader.tc
McAfee GenericRXNT-PG!623D28815C85
Cylance unsafe
VIPRE DeepScan:Generic.KillMBR.A.3711677C
Sangfor Suspicious.Win32.Save.ins
CrowdStrike win/malicious_confidence_100% (W)
BitDefender DeepScan:Generic.KillMBR.A.3711677C
K7GW Trojan ( 005602581 )
K7AntiVirus Trojan ( 005602581 )
Arcabit DeepScan:Generic.KillMBR.A.D38A2BDC
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HOBH
APEX Malicious
ClamAV Win.Trojan.Killmbr-9972958-0
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Backdoor:Win32/Farfli.651c864b
NANO-Antivirus Trojan.Win32.Farfli.jozzvh
MicroWorld-eScan DeepScan:Generic.KillMBR.A.3711677C
Avast Win32:BackdoorX-gen [Trj]
Tencent Malware.Win32.Gencirc.10bd9ab3
Emsisoft DeepScan:Generic.KillMBR.A.3711677C (B)
F-Secure Trojan.TR/Crypt.ZPACK.Gen
DrWeb BackDoor.Farfli.131
Zillya Trojan.Kryptik.Win32.3777528
TrendMicro TROJ_GEN.R002C0DLQ23
Trapmine malicious.high.ml.score
FireEye Generic.mg.623d28815c85957b
Sophos Mal/Generic-S
Ikarus Virus.Win32.NSAnti
Jiangmin Trojan.Generic.hjgut
Webroot W32.Trojan.TR.Crypt.ZPACK
Varist W32/Kryptik.HSI.gen!Eldorado
Avira TR/Crypt.ZPACK.Gen
MAX malware (ai score=89)
Antiy-AVL Trojan[Backdoor]/Win32.Farfli
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Kryptik.sa
Microsoft Backdoor:Win32/Farfli!pz
ViRobot Trojan.Win.Z.Farfli.1242112.J
ZoneAlarm HEUR:Trojan.Win32.Generic
GData DeepScan:Generic.KillMBR.A.3711677C
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.R356012
VBA32 BScope.Backdoor.Farfli
ALYac DeepScan:Generic.KillMBR.A.3711677C