Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 10, 2024, 7:56 a.m.	Jan. 10, 2024, 7:58 a.m.

Size	4.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`15f1d514f044c09b23254d2c6a7afc30`
SHA256	`13e063bc39be5c694f3bb67deead2b8a4781d98a0c26cc2d8ec68e0a72726dc7`
CRC32	`2687745A`
ssdeep	`98304:N25Gespnnt0YKfTsz/E5LTZrKJWasLBAZTxgSHvPKejsJbO9VyjQ1R:N2n4t3O+wwJRxhHvyejrmk`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

nbhvygiuhjbkhvyiuhjbhgyi.exe "C:\Users\test22\AppData\Local\Temp\nbhvygiuhjbkhvyiuhjbhgyi.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 10, 2024, 7:56 a.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 10, 2024, 7:56 a.m.		1	1	0

packer

Armadillo v1.71

Time & API	Arguments	Status	Return	Repeated
__exception__ Jan. 10, 2024, 7:56 a.m.	stacktrace: RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x76fdf559 RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x76fdf639 RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x76f8df95 free+0x39 memcpy-0x43 msvcrt+0x98cd @ 0x760b98cd nbhvygiuhjbkhvyiuhjbhgyi+0x13a9 @ 0x4013a9 nbhvygiuhjbkhvyiuhjbhgyi+0x115f @ 0x40115f nbhvygiuhjbkhvyiuhjbhgyi+0x6abc @ 0x406abc exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653 exception.instruction: jmp 0x76fde667 exception.module: ntdll.dll exception.exception_code: 0xc0000374 exception.offset: 845395 exception.address: 0x76fde653 registers.esp: 1636712 registers.edi: 1637248 registers.eax: 1636728 registers.ebp: 1636832 registers.edx: 0 registers.ebx: 0 registers.esi: 3145728 registers.ecx: 2147483647	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 10, 2024, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.tsi1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen23.25184
Skyhigh	Artemis!Trojan
McAfee	Artemis!15F1D514F044
Cylance	unsafe
Sangfor	Dropper.Win32.Packed.Vu04
K7AntiVirus	Trojan ( 005a24931 )
Alibaba	Packed:Win32/Generic.47d28444
K7GW	Trojan ( 005a24931 )
Symantec	Trojan Horse
ESET-NOD32	Win32/Packed.7Zip.AI
Avast	FileRepMalware [Misc]
ClamAV	Win.Keylogger.Gencbl-9969771-0
Kaspersky	Trojan-Dropper.Win32.Agent.tfnvzk
NANO-Antivirus	Trojan.Win32.Mlw.kgtqew
Tencent	Win32.Trojan-Dropper.Agent.Jjgl
F-Secure	Trojan.TR/Drop.Agent.mpqpt
Sophos	Mal/Generic-S
GData	Win32.Trojan.Agent.6UZVZH
Webroot	W32.Malware.Gen
Avira	TR/Drop.Agent.mpqpt
Varist	W32/ABRisk.QRET-3478
Gridinsoft	Ransom.Win32.Sabsik.cl
ZoneAlarm	Trojan-Dropper.Win32.Agent.tfnvzk
Microsoft	Trojan:Win32/Malgent!MSR
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Malware-gen.R630807
Malwarebytes	Trojan.Dropper
Panda	Trj/Chgt.AD
Ikarus	Trojan.Win32.7zip
Fortinet	W32/PossibleThreat
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_60% (W)

nbhvygiuhjbkhvyiuhjbhgyi.exe