Summary | ZeroBOX

IHBHXXQF.exe

Tags: HermeticWiper, Gen1, Malicious Library, ASPack, UPX, Malicious Packer, Anti_VM, PE File, OS Processor Check, PE32, DLL
Category: FILE
Machine: s1_win7_x6401
Started: July 2, 2024, 7:42 a.m.
Completed: July 2, 2024, 7:49 a.m.
Size 1.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5f4de1a8ed39bdcaf3e4c6d5fa547fc2
SHA256 b67dd604d01052c74a4f37160a7595d513c47f4974ccd4a35bdaecdaa38aeb34
CRC32 E5DCDBC1
ssdeep 49152:+pz3XTh7DRHcn78onZwLYH5CcfG3+4MuebfrW9TdUbA:+pR7FvqVuSuE8QA
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

DNS (Name, Response, Post-Analysis Lookup): No hosts contacted.
Network (IP Address, Status, Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent
0 0

GlobalMemoryStatusEx
1 1 0
packer Armadillo v1.71
NtProtectVirtualMemory

process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0
GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 13320388608
root_path: C:\Users\test22\AppData\Local\Temp
total_number_of_bytes: 0
1 1 0
file C:\Users\test22\AppData\Local\Temp\gthread-2.0.dll
file C:\Users\test22\AppData\Local\Temp\gobject-2.0.dll
file C:\Users\test22\AppData\Local\Temp\intl.dll
file C:\Users\test22\AppData\Local\Temp\glib-2.0.dll
file C:\Users\test22\AppData\Local\Temp\iconv.dll
file C:\Users\test22\AppData\Local\Temp\gmodule-2.0.dll
file C:\Users\test22\AppData\Local\Temp\vmtools.dll
file C:\Users\test22\AppData\Local\Temp\vmtoolsd.exe
file C:\Users\test22\AppData\Local\Temp\vmtoolsd.exe
file C:\Users\test22\AppData\Local\Temp\vmtools.dll
file C:\Users\test22\AppData\Local\Temp\glib-2.0.dll
file C:\Users\test22\AppData\Local\Temp\vmtoolsd.exe
file C:\Users\test22\AppData\Local\Temp\gobject-2.0.dll
file C:\Users\test22\AppData\Local\Temp\intl.dll
file C:\Users\test22\AppData\Local\Temp\gmodule-2.0.dll
file C:\Users\test22\AppData\Local\Temp\gthread-2.0.dll
file C:\Users\test22\AppData\Local\Temp\iconv.dll
Antivirus Result
Bkav W32.AIDetectMalware
Skyhigh BehavesLike.Win32.Dropper.tc
Cylance Unsafe
K7AntiVirus Trojan ( 005b4e9b1 )
K7GW Trojan ( 005b4e9b1 )
McAfee Artemis!5F4DE1A8ED39
Kaspersky UDS:DangerousObject.Multi.Generic
NANO-Antivirus Virus.Win32.Gen.ccmw
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEGAZ
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win32.Rugmi
ZoneAlarm UDS:DangerousObject.Multi.Generic
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEGAZ
Paloalto generic.ml