Summary | ZeroBOX

Photo.scr (Windows treats a .scr screensaver as an ordinary PE executable; this one is a PE32 GUI binary, see Type below)

Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started May 11, 2024, 7:28 p.m.
Completed May 11, 2024, 7:31 p.m.
Size 3.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 24eef227b95647e2ef8edf1b194d97ca
SHA256 2401a7326fa43b1cc186025d0f2303ef5490685cac0f70e46c001731082711b7
CRC32 ABD5B12C
ssdeep 49152:R3XTWsOBDNQ2iselXOfTITJR0nrtFPpXmfiSLI+VxBSTkqY3yZYIL4XKIvVor:RLGSThOfTCiFBXmfFs+JMHpCVor
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

DNS lookups (Name / Response / Post-Analysis Lookup): no hosts contacted.
Network connections (IP Address / Status / Action): no hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids (the Control Flow Guard function-ID table that MSVC emits for /guard:cf builds; a compiler artefact rather than an indicator on its own)
Time & API | Arguments | Status | Return | Repeated (timestamps were not captured for the entries below; each stack frame reads: nearest preceding export+offset, nearest following export-offset, module+RVA @ absolute address, innermost frame first)

__exception__

stacktrace:
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x746c77b7
MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x7564fd15
MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x7564fd57
photo+0x1b72 @ 0xa11b72
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol: (not resolved by the monitor; no exception.module is reported for this entry either)
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.address: 0x744c3f46
registers.esp: 4174572
registers.edi: 0
registers.eax: 1951153990 (0x744c3f46, equal to exception.address)
registers.ebp: 4174612
registers.edx: 0
registers.ebx: 0
registers.esi: 1951153990 (0x744c3f46, equal to exception.address)
registers.ecx: 7277928
status 1, return 0, repeated 0
Note: the frames show the sample's own code (photo+0x1b72, on the main thread directly under BaseThreadInitThunk) calling MessageBoxW, so the sample displays a message box at start-up. The New_user32_MessageBoxTimeoutW@24 frame is the sandbox monitor's hook on MessageBoxTimeoutW (hooked APIs are logged as New_<module>_<function>), and the fault was raised while that hook was on the stack. No frame maps 0x744c3f46 to a loaded module, and EAX and ESI both hold that same value, so the faulting instruction pointer equals a value the code was carrying in registers; whether this is a monitor-side artefact or sample behaviour cannot be settled from this report alone.

__exception__

(second occurrence, identical to the entry above: same stack trace ending at photo+0x1b72 -> MessageBoxW, same exception code 0xc0000005 at 0x744c3f46 and the same register state, including EAX = ESI = 0x744c3f46; status 1, return 0, repeated 0)

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x750b964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x750a4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x750a6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x750ae825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x750a6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x750a5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x750a49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x750a5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x778d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25
photo+0x1019a @ 0xa2019a
photo+0x10130 @ 0xa20130
photo+0x10291 @ 0xa20291
photo+0x7972 @ 0xa17972
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.offset: 278260 (0x43ef4, the RVA inside MSCTF.dll; matches msctf+0x43ef4 in exception.symbol)
exception.address: 0x750d3ef4
registers.esp: 4192688
registers.edi: 0
registers.eax: 184664
registers.ebp: 4192716
registers.edx: 1
registers.ebx: 0
registers.esi: 4839704
registers.ecx: 1951020412 (0x744a357c)
status 1, return 0, repeated 0
Note: this fault is on the process-exit path. The sample calls ExitProcess from photo+0x1019a, and during LdrShutdownProcess the text-services framework (MSCTF.dll) performs an indirect call through a function-pointer table at ECX (typically a COM vtable); the table base 0x744a357c is mapped to no module by any frame, and it lies in the same unresolved 0x744xxxxx region as the faulting address of the two MessageBoxW exceptions above. The crash is in MSCTF during shutdown rather than in the sample's code. Taken together, a modal message box at start-up, a run that ends in ExitProcess, and an analysis window of a few minutes (7:28 to 7:31 p.m.) mean the empty network section should not be read as proof that the sample is inert; the vendor labels below (Trojan.BtcMine, Trojan.Downloader) describe behaviour this run did not get to observe.
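The exception records above only make sense once the stack frames are turned into a module map. The following added example (not ZeroBOX's code, written for this page) parses frames in the monitor's "module+RVA @ address" notation, derives each module's load base as address minus RVA, checks that every frame agrees on that base, and then cross-checks the exception records: it confirms that exception.offset equals the RVA implied by exception.address, reports which registers hold the faulting address, and says whether the register used by a faulting memory operand points into any known module. The frames and register values are copied from the report above; the 16 MiB image-size bound is an assumption, because the report lists no module sizes.

```python
import re

# Frames copied from the three stack traces in the report above (a representative subset;
# the last three are from the ExitProcess trace). The "New_user32_..." frame is the sandbox
# monitor's own hook and carries no module+RVA, which the parser must tolerate.
FRAMES = """\
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x746c77b7
MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x7564fd57
photo+0x1b72 @ 0xa11b72
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x750bd08c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25
photo+0x1019a @ 0xa2019a
""".splitlines()

# The MessageBoxW exception and the MSCTF shutdown exception, registers in decimal as reported.
EXCEPTIONS = [
    {"address": 0x744C3F46, "code": 0xC0000005, "instruction": "",
     "regs": {"esp": 4174572, "edi": 0, "eax": 1951153990, "ebp": 4174612,
              "edx": 0, "ebx": 0, "esi": 1951153990, "ecx": 7277928}},
    {"address": 0x750D3EF4, "code": 0xC0000005, "offset": 278260,
     "instruction": "call dword ptr [ecx + 0xc]",
     "regs": {"esp": 4192688, "edi": 0, "eax": 184664, "ebp": 4192716,
              "edx": 1, "ebx": 0, "esi": 4839704, "ecx": 1951020412}},
]

# The report gives no image sizes, so an address is attributed to the nearest module
# below it only when the offset is under this assumed 16 MiB bound.
MAX_IMAGE_SPAN = 0x1000000

MODULE_RVA = re.compile(r"([A-Za-z0-9_.]+)\+0x([0-9a-f]+)")

def parse_frame(line):
    """Return (module, rva, absolute_address); module and rva are None for hook frames."""
    left, addr = line.rsplit(" @ ", 1)
    m = MODULE_RVA.fullmatch(left.split()[-1])
    if m is None:
        return None, None, int(addr, 16)
    return m.group(1), int(m.group(2), 16), int(addr, 16)

def module_bases(frames):
    """Derive each module's load base as address - RVA and insist every frame agrees."""
    bases = {}
    for line in frames:
        module, rva, addr = parse_frame(line)
        if module is None:
            continue
        base = addr - rva
        if bases.setdefault(module, base) != base:
            raise ValueError(f"{module}: base {bases[module]:#x} vs {base:#x}")
    return bases

def locate(addr, bases):
    """(module, offset) for the nearest module at or below addr, or None if implausibly far."""
    below = [(base, name) for name, base in bases.items() if base <= addr]
    if not below:
        return None
    base, name = max(below)
    return (name, addr - base) if addr - base < MAX_IMAGE_SPAN else None

def triage(exc, bases):
    """Cross-check one exception record against the module map."""
    addr = exc["address"]
    where = locate(addr, bases)
    out = {
        "address": f"{addr:#x}",
        "access_violation": exc["code"] == 0xC0000005,
        "location": where,
        # the monitor's exception.offset is the RVA inside exception.module
        "offset_matches": where is not None and exc.get("offset") == where[1],
        "regs_holding_fault_addr": sorted(r for r, v in exc["regs"].items() if v == addr),
        "memory_operand": None,
    }
    m = re.search(r"\[(e[a-z]{2})", exc.get("instruction", ""))
    if m:  # the faulting access went through this register; say where it points
        reg = m.group(1)
        val = exc["regs"][reg]
        out["memory_operand"] = (reg, f"{val:#x}", locate(val, bases))
    return out

if __name__ == "__main__":
    bases = module_bases(FRAMES)
    for name, base in sorted(bases.items(), key=lambda kv: kv[1]):
        print(f"{name:<10} base {base:#010x}")
    for exc in EXCEPTIONS:
        print(triage(exc, bases))
```

Run stand-alone it prints the five load bases (photo at 0xa10000, msctf, user32, kernel32, ntdll) and the two triage dictionaries: the MessageBoxW fault resolves to no module and its address sits in EAX and ESI, while the MSCTF fault resolves to msctf+0x43ef4 with a matching exception.offset and an ECX table base that resolves to nothing.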
section .rsrc: virtual_address 0x0003c000, virtual_size 0x00010608, size_of_data 0x00010800, entropy 7.255045319856109 - A section with a high entropy has been found (per-section threshold in this check: Shannon entropy above 6.8 bits per byte)
entropy 0.272164948454 - Overall entropy of this PE file is high. This figure is not a Shannon entropy: in the Cuckoo packer_entropy check this report descends from, it is the share of section raw data that lies in high-entropy sections (the file is marked when it exceeds 0.2). With .rsrc (0x10800 = 67,584 bytes) as the only high-entropy section, 67,584 / 0.272164948454 gives a total of 0x3ca00 (248,320) bytes of section data, against a 3.9 MB file; if the check is computed that way, roughly 3.6 MB of the file sits outside the section table as an overlay, which is worth carving and hashing separately. Note also that the only high-entropy section reported is .rsrc; a classic UPX layout keeps the compressed image in a high-entropy UPX1 section, so the UPX_Zero rule hit should be checked against the actual section names before the file is treated as UPX-packed.
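To make the two entropy marks above reproducible, here is an added example (written for this page, not ZeroBOX's code) that walks a PE section table with the standard library, computes Shannon entropy per section, applies the per-section 6.8 and whole-file 0.2 thresholds that the Cuckoo community packer_entropy signature uses (assumed to be what this report's check does as well), and additionally reports the overlay size, which the sandbox does not show. Because a 3.9 MB sample cannot be embedded here, the code builds a constructed PE32 container with the same shape as the report's numbers: a low-entropy code section, a 0x10800-byte high-entropy .rsrc, and a 3.6 MB overlay (an assumed size), so the resulting ratio matches the report's 0.272164948454.

```python
import math
import random
import struct
from collections import Counter

# Thresholds of the Cuckoo community packer_entropy signature that this report's
# "high entropy" marks descend from: a section is "high" above 6.8 bits/byte, and the
# file is marked when high-entropy sections hold more than 20% of all section data.
SECTION_THRESHOLD = 6.8
FILE_THRESHOLD = 0.2

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Walk the section table: yields (name, virtual_address, virtual_size, raw_ptr, raw_size)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    for i in range(nsections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, vaddr, vsize, rptr, rsize

def entropy_report(image: bytes) -> dict:
    """Reproduce the sandbox check and add the overlay size it does not report."""
    sections, high_bytes, total_bytes, data_end = [], 0, 0, 0
    for name, vaddr, vsize, rptr, rsize in pe_sections(image):
        ent = shannon_entropy(image[rptr:rptr + rsize])
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rsize, "entropy": ent, "high": ent > SECTION_THRESHOLD})
        total_bytes += rsize
        high_bytes += rsize if ent > SECTION_THRESHOLD else 0
        data_end = max(data_end, rptr + rsize)
    ratio = high_bytes / total_bytes if total_bytes else 0.0
    return {"sections": sections, "high_entropy_ratio": ratio,
            "file_flagged": ratio > FILE_THRESHOLD,
            "overlay_bytes": len(image) - data_end}   # bytes after the last section

def build_sample_pe(sections, overlay: bytes) -> bytes:
    """Assemble a minimal, non-runnable PE32 container from (name, data) pairs plus an overlay."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 optional-header magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    header_len = 0x40 + 4 + len(coff) + len(opt) + 40 * len(sections)
    raw_ptr = (header_len + 0x1FF) & ~0x1FF                 # raw data starts 0x200-aligned
    vaddr, table, blobs = 0x1000, b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             len(data), raw_ptr, 0, 0, 0, 0, 0x40000040)
        blobs += data
        raw_ptr += len(data)
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust((header_len + 0x1FF) & ~0x1FF, b"\0") + blobs + overlay

# Constructed sample shaped like the report: a low-entropy code section, a 0x10800-byte
# pseudo-random .rsrc (the only high-entropy section) and a large overlay behind the sections.
_rng = random.Random(2024)
SAMPLE = build_sample_pe(
    [(b".text", b"\x8b\xff\x55\x8b" * (0x2C200 // 4)),
     (b".rsrc", bytes(_rng.getrandbits(8) for _ in range(0x10800)))],
    overlay=b"\0" * 3_600_000)

if __name__ == "__main__":
    rep = entropy_report(SAMPLE)
    for s in rep["sections"]:
        print(f"{s['name']:<8} size_of_data {s['size_of_data']:#010x} "
              f"entropy {s['entropy']:.3f} high={s['high']}")
    print(f"ratio {rep['high_entropy_ratio']:.6f} flagged={rep['file_flagged']} "
          f"overlay {rep['overlay_bytes']} bytes")
```

To apply it to a real sample, replace SAMPLE with the file's bytes (open(path, "rb").read()); the overlay_bytes value is the first thing to check on this report's file, since the section table it implies accounts for only about 248 KB of a 3.9 MB binary.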
Antivirus results (vendor / detection name)
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Crypren.tpW3
Elastic malicious (high confidence)
ClamAV Win.Malware.Ymacco-9950875-0
McAfee Artemis!24EEF227B956
ALYac Trojan.Generic.31880446
Cylance Unsafe
VIPRE Trojan.Generic.31880446
Sangfor Trojan.Win32.Agent.Vni1
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.Generic.31880446
K7GW Riskware ( 0040eff71 )
Cybereason malicious.7b9564
Arcabit Trojan.Generic.D1E674FE
Cyren W32/S-f857af78!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Alibaba Trojan:Win32/Ymacco.1ac84279
NANO-Antivirus Trojan.Win32.Crytes.iejucj
MicroWorld-eScan Trojan.Generic.31880446
Ad-Aware Trojan.Generic.31880446
Emsisoft Trojan.Generic.31880446 (B)
Comodo Worm.Win32.Bflient.~AD2@3d18gh
DrWeb Trojan.BtcMine.3428
TrendMicro TROJ_GEN.R011C0DK822
McAfee-GW-Edition BehavesLike.Win32.BadFile.wc
FireEye Generic.mg.24eef227b95647e2
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win32.Ymacco
Avira HEUR/AGEN.1213245
MAX malware (ai score=87)
Microsoft Trojan:Win32/Ymacco.AA33
GData Win32.Trojan.PSE.6TRR6M
Google Detected
AhnLab-V3 Trojan/Win32.Agent.R342010
Acronis suspicious
VBA32 Trojan.BtcMine
Malwarebytes Trojan.Downloader
TrendMicro-HouseCall TROJ_GEN.R011C0DK822
SentinelOne Static AI - Suspicious PE
Fortinet W32/GenericKD.4266!tr
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_90% (W)