Summary | ZeroBOX

ama.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category  Machine        Started                    Completed
FILE      s1_win7_x6401  June 27, 2024, 10:07 a.m.  June 27, 2024, 10:24 a.m.

Size    1.4MB
Type    PE32 executable (console) Intel 80386, for MS Windows
MD5     04055601abbd16ec6cc9e02450c19381
SHA256  b7620bff5539ff22c251c32e62961beae4f5a91b0f6c73dde1a7da941b93fe13
CRC32   493DDA31
ssdeep  24576:HhSIBky91oHhqyp54SWIbts8MZHq9NGCzgNgpiZtsyCx+OO9OKfNgd5H4+3:B3J91qhDp5HWAsF28ZtsJsOO9WH4g
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

DNS (Name / Response): No hosts contacted.

IP Address     Status
164.124.101.2  Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory  (status: 1, return: 0, repeated: 0)
  process_identifier: 2628
  region_size: 442368
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00900000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff

NtProtectVirtualMemory  (status: 1, return: 0, repeated: 0)
  process_identifier: 2628
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73402000
  process_handle: 0xffffffff

NtAllocateVirtualMemory  (status: 1, return: 0, repeated: 0)
  process_identifier: 2628
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x02790000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff

NtAllocateVirtualMemory  (status: 1, return: 0, repeated: 0)
  process_identifier: 1452
  region_size: 65536
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000004770000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffffffffffff
API calls (Arguments / Status / Return / Repeated)

GetDiskFreeSpaceExW  (status: 1, return: 1, repeated: 0)
  total_number_of_free_bytes: 13320114176
  free_bytes_available: 13320114176
  root_path: C:
  total_number_of_bytes: 34252779520

Signature details

file     C:\Users\test22\AppData\Local\Temp\One_Dragon_Center\MSI.CentralServer.exe
section  name: .data, virtual_address: 0x000d6000, virtual_size: 0x000691c4, size_of_data: 0x00068800, entropy: 7.996868056738097
         description: A section with a high entropy has been found
entropy  0.300395256917
         description: Overall entropy of this PE file is high
file     C:\Windows\Tasks\MSI.CentralServer.job
Antivirus results (Vendor / Detection)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Deyma.a!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
CAT-QuickHeal Trojandownloader.Deyma
Skyhigh Artemis!Trojan
ALYac Trojan.GenericKD.72012777
Cylance Unsafe
VIPRE Trojan.GenericKD.72012777
Sangfor Downloader.Win32.Kryptik.Vxtz
K7AntiVirus Trojan ( 005b1a2e1 )
BitDefender Trojan.GenericKD.72012777
K7GW Trojan ( 005b1a2e1 )
Cybereason malicious.1abbd1
Arcabit Trojan.Generic.D44AD3E9
VirIT Trojan.Win32.Genus.DWZ
Symantec Trojan.Whispergate
ESET-NOD32 a variant of Win32/GenKryptik.GTBH
APEX Malicious
McAfee Artemis!04055601ABBD
Avast Win32:DropperX-gen [Drp]
Kaspersky HEUR:Trojan-Downloader.Win32.Deyma.gen
Alibaba TrojanDownloader:Win32/Midie.63a01cab
NANO-Antivirus Trojan.Win32.Deyma.kisjwz
MicroWorld-eScan Trojan.GenericKD.72012777
Rising Trojan.ShellCodeRunner!1.F73D (CLASSIC)
Emsisoft Trojan.GenericKD.72012777 (B)
F-Secure Trojan.TR/Kryptik.aazir
DrWeb Trojan.MulDrop25.13254
Zillya Trojan.GenKryptik.Win32.474692
TrendMicro Trojan.Win32.AMADEY.YXEBTZ
McAfeeD ti!B7620BFF5539
Trapmine suspicious.low.ml.score
FireEye Generic.mg.04055601abbd16ec
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Amadey
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Kryptik.aazir
MAX malware (ai score=100)
Antiy-AVL Trojan/Win32.GenKryptik
Kingsoft Win32.Trojan-Downloader.Deyma.gen
Gridinsoft Ransom.Win32.Sabsik.sa
Xcitium Malware@#9hninsk78puu
Microsoft Trojan:Win32/Midie!MTB
ZoneAlarm HEUR:Trojan-Downloader.Win32.Deyma.gen
GData Trojan.GenericKD.72012777
Varist W32/ABTrojan.RHAI-0056
AhnLab-V3 Trojan/Win.Generic.C5587763
BitDefenderTheta Gen:NN.ZexaE.36808.yv2@aOtiiAmi