Summary | ZeroBOX

4.exe

UPX Malicious Library OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started June 15, 2024, 8:16 a.m.
Completed June 15, 2024, 8:20 a.m.
Size 36.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 24981658666a4f40f07f37bfb48d1372
SHA256 7b84f0641444a8e39e14f6a9f3f9363ee142acbe6fcb6dcd046d0ae2c463cf77
CRC32 523E05B6
ssdeep 768:SkqlrK5isV2AKTVV15bRjeK3gRJg6Dm/u5HfqyaVwsaVwCx:xKIYApC6C/4//aVwsaVwCx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.155.205.99 Active Moloch
94.177.131.249 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 164.155.205.99:999 -> 192.168.56.103:49162 2400026 ET DROP Spamhaus DROP Listed Traffic Inbound group 27 Misc Attack

Suricata TLS

No Suricata TLS

packer Armadillo v1.71
Time & API CreateServiceA
Arguments
  service_start_name:
  start_type: 2
  password:
  display_name: lnlfdxfircvscxggbwkf
  filepath: C:\Windows\Systemyso.exe
  service_name: phqghumeay
  filepath_r: C:\Windows\Systemyso.exe
  desired_access: 983551
  service_handle: 0x0050dc90
  error_control: 1
  service_type: 272
  service_manager_handle: 0x0050dd30
Status 1
Return 5299344
Repeated 0
host 164.155.205.99
host 94.177.131.249
service_name phqghumeay
service_path C:\Windows\Systemyso.exe
dead_host 192.168.56.101:50767
dead_host 192.168.56.101:50801
dead_host 192.168.56.103:21
dead_host 192.168.56.101:50778
dead_host 192.168.56.103:1433
dead_host 192.168.56.103:19490