Summary | ZeroBOX

03e297f4a0ac3f262ca8ae50f9e14db8bb33e6840f1f30acd576826c0800b24e

Tags: PS, PostScript, UPX, Lnk Format, GIF Format, MSOffice File, PE File, OS Processor Check, PE32, JPEG Format, HWP
Category: FILE
Machine: s1_win7_x6401
Started: March 25, 2024, 3:45 p.m.
Completed: March 25, 2024, 3:50 p.m.
Size 175.0KB
Type Hangul (Korean) Word Processor File 5.x
MD5 4c033029dd47e1029ff45d550d5811f9
SHA256 03e297f4a0ac3f262ca8ae50f9e14db8bb33e6840f1f30acd576826c0800b24e
CRC32 03F37DBE
ssdeep 3072:GFzFYtek5nkrTW9XEixmN2rraUxzDipSU9KNO1Kb3iAPFUxV12:htek5nkqx0UywzOpbD1KyAOX12
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
  • HWP_file_format - HWP Document File
  • Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 164.124.101.2 (Status: Active, Action: Moloch)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2676
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd2000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\HncApp.exe
file C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
file C:\Users\test22\AppData\Roaming\HNC\Office\Recent\03e297f4a0ac3f262ca8ae50f9e14db8bb33e6840f1f30acd576826c0800b24e.lnk
Lionic Trojan.Win32.KeyLogger.l!c
ALYac Trojan.HWP.179200A
Arcabit Trojan.Generic.D2EBDDDC
Avast Other:Malware-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Spy.Win32.KeyLogger.gen
BitDefender Trojan.GenericKD.49012188
MicroWorld-eScan Trojan.GenericKD.49012188
Ad-Aware Trojan.GenericKD.49012188
Emsisoft Trojan.GenericKD.49012188 (B)
FireEye Trojan.GenericKD.49012188
Avira TR/Spy.KeyLogger.jplgn
MAX malware (ai score=80)
GData Trojan.GenericKD.49012188
AhnLab-V3 Trojan/Win.Generic.C5126904
TACHYON Suspicious/HWP.OLE.NS.Gen
AVG Other:Malware-gen [Trj]