popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

mmfd.exe

Gen1 Generic Malware Malicious Library Antivirus UPX Malicious Packer Anti_VM ftp PE File PE64 OS Processor Check wget DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us April 23, 2024, 11:07 a.m. April 23, 2024, 11:17 a.m.
Size 10.7MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 bbf48f853fcf1d291cfbc0dfd522e75e
SHA256 9d7c3c799288ea3717fc76d09e84e9e2db4853f59e7b2c07b782af4a97aaaa1b
CRC32 F81A6DE6
ssdeep 196608:qsAlP3Zobseq6ERnze72k7nrWHkDC3qZqIJ/IFftp6WnXPCE7BWPRNi:qsCpoSvRnze72orWHEpqVtpGE7Bw
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1236
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000049c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\python310.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\stub.exe
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\python3.dll
section {u'size_of_data': u'0x00a9de00', u'virtual_address': u'0x00038000', u'entropy': 7.999148703585221, u'name': u'.rsrc', u'virtual_size': u'0x00a9dca0'} entropy 7.99914870359 description A section with a high entropy has been found
entropy 0.988228342878 description Overall entropy of this PE file is high
file C:\Users\test22\AppData\Local\Temp\onefile_2052_133583380699843750\stub.exe
Bkav W64.AIDetectMalware
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.vc
ALYac Trojan.GenericKD.72468810
Cylance unsafe
VIPRE Trojan.GenericKD.72468810
BitDefender Trojan.GenericKD.72468810
Arcabit Trojan.Generic.D451C94A
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Python/PSW.Agent_AGen.V
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan-GameThief.MSIL.Worgtop.bqf
MicroWorld-eScan Trojan.GenericKD.72468810
Rising Stealer.Agent!8.C2 (CLOUD)
Emsisoft Trojan.GenericKD.72468810 (B)
F-Secure Trojan.TR/Redcap.pztbr
Zillya Trojan.Agent.Win64.44015
TrendMicro Trojan.Win64.AMADEY.YXEDUZ
FireEye Trojan.GenericKD.72468810
Sophos Mal/Generic-S
Ikarus Trojan.Gensteal
Jiangmin Trojan.PSW.Stealer.dnf
Webroot W32.Trojan.Znyonm
Google Detected
Avira TR/Redcap.pztbr
MAX malware (ai score=80)
Kingsoft Win32.Troj.Undef.a
Gridinsoft Trojan.Win64.Wacatac.dd!s1
Microsoft Trojan:Win32/Acll
ZoneAlarm Trojan-GameThief.MSIL.Worgtop.bqf
GData Trojan.GenericKD.72468810
Varist W64/ABRisk.ZAHY-1889
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3353104648
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEDUZ
Tencent Msil.Trojan-GameThief.Worgtop.Snkl
Yandex Trojan.PWS.FBStealer!y76knCQZjNU
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.240033564.susgen
Fortinet W32/Agent_AGen.V!tr.pws
AVG Win64:Evo-gen [Trj]
alibabacloud RiskWare:Python/Agent_AGen.V