popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ticket2c.exe

Malicious Library MZP Format PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 June 16, 2024, 9:56 a.m. June 16, 2024, 10:43 a.m.
Size 202.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 ce4737e2002d128dea02d50d2ab010cb
SHA256 45890cc1b9546fc7cc5ede206525457f75dfedb9c8c772729d962816b43e7b05
CRC32 DA228AF3
ssdeep 3072:38aQs4BSCpikIp8PwzjdIC0fyEixcHw2m45UpXMhv8XWaOKHmv1z0oo0KXDDlxG+:3TDOHnSP9IRfypSsX500oHKXXGLBBC
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleA

 buffer: Usage: ticket TXT-file
console_handle: 0x00000007
1 1 0
section .itext
resource name TYPELIB
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73662000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware
Cynet Malicious (score: 100)
Cylance Unsafe
Rising Trojan.Generic@AI.96 (RDMK:cmRtazpsAihbzSKk7GZdxrYd0gxt)
Zillya Dropper.Agent.Win32.217936
McAfeeD ti!45890CC1B954
Ikarus Win32.Outbreak
Jiangmin Trojan.MSIL.zm
Google Detected
Kingsoft Win32.Troj.Agent.cks
Gridinsoft Trojan.Win32.Agent.oa!s1
Microsoft Trojan:Win32/Casdet!rfn
Fortinet W32/PossibleThreat
Paloalto generic.ml