Summary | ZeroBOX

mm.txt.exe

Tags: Malicious Library, PE32, PE File
Category   FILE
Machine    s1_win7_x6402
Started    Jan. 10, 2024, 9:29 a.m.
Completed  Jan. 10, 2024, 9:31 a.m.
Size       1.2MB
Type       PE32 executable (GUI) Intel 80386, for MS Windows
MD5        af0577837683f80c555a27e9af137a55
SHA256     40e261e7bffce05b06dc3d6feaa430d310ec8bde473e1136255965b8aa28f925
CRC32      8E6CAD75
ssdeep     12288:zcWl26g/UBlRn5DzZ3TTP+5WkOVHK/H7sx117ksgSh20RUTMkzVSleJHcT/rBMSD:gWgHN8kSszVSlMHcTDBMGr9chBMGk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address      Status  Action
154.211.23.99   Active  Moloch
164.124.101.2   Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API             Arguments   Status  Return  Repeated
GlobalMemoryStatusEx   (none)      1       1       0
packer Armadillo v1.71
Time & API            Arguments                                Status  Return  Repeated
GetDiskFreeSpaceExW   total_number_of_free_bytes: 9121722368   1       1       0
                      free_bytes_available: 9121722368
                      root_path: C:\
                      total_number_of_bytes: 34252779520
Time & API               Arguments                            Status  Return  Repeated
NtProtectVirtualMemory   process_identifier: 3020             1       0       0
                         stack_dep_bypass: 0
                         stack_pivoted: 0
                         heap_dep_bypass: 1
                         length: 565248
                         protection: 32 (PAGE_EXECUTE_READ)
                         base_address: 0x10001000
                         process_handle: 0xffffffff
section .data (virtual_address: 0x00001000, virtual_size: 0x0012ed00, size_of_data: 0x0012ee00, entropy: 7.291884194550248): A section with a high entropy has been found
entropy 0.999587458746: Overall entropy of this PE file is high
Time & API       Arguments                      Status  Return  Repeated
Process32NextW   snapshot_handle: 0x00000268    0       0
                 process_name: pw.exe
                 process_identifier: 3036
(this identical Process32NextW entry appears 32 times in the report)

host 154.211.23.99
Vendor                 Detection
Bkav                   W32.AIDetectMalware
Lionic                 Trojan.Win32.KillMBR.4!c
DrWeb                  BackDoor.Farfli.131
MicroWorld-eScan       DeepScan:Generic.KillMBR.A.3711677C
CAT-QuickHeal          Trojan.GenericRI.S26298297
Skyhigh                GenericRXNT-PG!AF0577837683
McAfee                 GenericRXNT-PG!AF0577837683
Malwarebytes           Generic.Malware.AI.DDS
VIPRE                  DeepScan:Generic.KillMBR.A.3711677C
Sangfor                Suspicious.Win32.Save.ins
K7AntiVirus            Trojan ( 005602581 )
Alibaba                Backdoor:Win32/Farfli.65374410
K7GW                   Trojan ( 005602581 )
CrowdStrike            win/malicious_confidence_100% (W)
BitDefenderTheta       AI:Packer.A8BD32C71E
VirIT                  Trojan.Win32.Genus.UTZ
Symantec               ML.Attribute.HighConfidence
Elastic                malicious (high confidence)
ESET-NOD32             a variant of Win32/Kryptik.HOBH
APEX                   Malicious
ClamAV                 Win.Trojan.Killmbr-9972958-0
Kaspersky              HEUR:Trojan.Win32.Generic
BitDefender            DeepScan:Generic.KillMBR.A.3711677C
NANO-Antivirus         Trojan.Win32.Farfli.jozzvh
Avast                  Win32:BackdoorX-gen [Trj]
Rising                 Backdoor.Shellex!1.DD80 (CLASSIC)
Emsisoft               DeepScan:Generic.KillMBR.A.3711677C (B)
F-Secure               Trojan.TR/Crypt.ZPACK.Gen
Zillya                 Trojan.Kryptik.Win32.3777528
TrendMicro             TROJ_GEN.R002C0DA924
Sophos                 Mal/Generic-S
Ikarus                 Virus.Win32.NSAnti
Jiangmin               Trojan.Generic.hjgut
Webroot
Google                 Detected
Avira                  TR/Crypt.ZPACK.Gen
Varist                 W32/Kryptik.HSI.gen!Eldorado
Antiy-AVL              Trojan[Backdoor]/Win32.Farfli
Kingsoft               Win32.Trojan.Generic.a
Microsoft              Backdoor:Win32/Farfli!pz
Gridinsoft             Trojan.Win32.Kryptik.sa
Arcabit                DeepScan:Generic.KillMBR.A.D38A2BDC
ZoneAlarm              HEUR:Trojan.Win32.Generic
GData                  DeepScan:Generic.KillMBR.A.3711677C
Cynet                  Malicious (score: 100)
AhnLab-V3              Malware/Win32.RL_Generic.R356012
VBA32                  BScope.Backdoor.Farfli
Cylance                unsafe
Panda                  Trj/Genetic.gen
TrendMicro-HouseCall   TROJ_GEN.R002C0DA924