Summary | ZeroBOX

@DDRI2_2.exe

Gen1 Generic Malware Malicious Library UPX PE File OS Processor Check PE32 ZIP Format DLL
Category: FILE
Machine: s1_win7_x6403_us
Started: June 3, 2024, 7:24 a.m.
Completed: June 3, 2024, 7:33 a.m.
Size 6.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1cfa70c1b2f1eb15d9f6b0d502095360
SHA256 139b21a0ba2e1d6e45cc7ce3494b25b57cb2d5405abe851c1086b24f7d7d2619
CRC32 C2EE7C0E
ssdeep 98304:7e+bdwNF5kcwoPllMWHubXkTZONq0d6NlPf9//KJ+PUxY7xFY5cjaNCSsxCfTL:C+K4oP1HOXfZ8bntw+KY7xFY5csCSsQ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

GlobalMemoryStatusEx
  (no arguments)
  Status: 1 / Return: 1 / Repeated: 0
section .gfids
resource name MUI
Time & API / Arguments / Status / Return / Repeated

NtAllocateVirtualMemory
  process_identifier: 2108
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00ce0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status: 1 / Return: 0 / Repeated: 0
file C:\Users\test22\AppData\Local\Temp\_MEI15722\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\pywintypes37.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\python37.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\unicodedata.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_bz2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_ctypes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\win32evtlog.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\python37.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\pywintypes37.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_socket.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\pyexpat.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI15722\win32api.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_lzma.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_queue.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_ssl.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI15722\_hashlib.pyd
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealer.trqf
Elastic malicious (moderate confidence)
Cylance Unsafe
Sangfor Trojan.Win32.Agent.Vj0s
APEX Malicious
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
F-Secure Trojan.TR/Redcap.ltrvm
McAfeeD ti!139B21A0BA2E
FireEye Generic.mg.1cfa70c1b2f1eb15
Avira TR/Redcap.ltrvm
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Script/Wacatac.H!ml
ZoneAlarm HEUR:Trojan.Python.Pytr.di
BitDefenderTheta Gen:NN.ZexaF.36806.@B3@aSKES0di
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4232333952
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Paloalto generic.ml