Summary | ZeroBOX

FreeArc-0.67-alpha-win32.exe

Tags: NSIS, Malicious Library, UPX, PE File, DLL, PE32, BMP Format

Category: FILE
Machine: s1_win7_x6401
Started: July 2, 2024, 9:20 p.m.
Completed: July 2, 2024, 9:22 p.m.

Size: 7.8MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 58d75e3e3002b0769cc9527a87c81e40
SHA256: fe8829e570e545fd3d731fdbe7a15d5210e6191814e30f95d13d7b8ff95e4f11
CRC32: BF4E26FA
ssdeep: 196608:c7b203naAATUpCD+CaDGG07hwTIhhd23mPa85iGiF0ELwdPNKICM6W:cn2kaAZpO+3DcVkIhhd2e1iTSwwdPIdM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • NSIS_Installer - Null Soft Installer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Status: 1  Return: 1  Repeated: 0
section .ndata
Time & API: NtProtectVirtualMemory (7 calls)

Arguments common to all 7 calls:
  process_identifier: 2640
  process_handle: 0xffffffff
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0

base_address  Status  Return  Repeated
0x73bc1000    1       0       0
0x75b71000    1       0       0
0x73261000    1       0       0
0x72c61000    1       0       0
0x72c24000    1       0       0
0x72c62000    1       0       0
0x75511000    1       0       0
Time & API: GetDiskFreeSpaceExW (4 calls)

Call 1
  root_path: C:\Program Files (x86)\FreeArc
  total_number_of_free_bytes: 4296600724
  free_bytes_available: 18088435155730432
  total_number_of_bytes: 1725160022
  Status / Return / Repeated: 0 0

Call 2
  root_path: C:\Program Files (x86)\
  total_number_of_free_bytes: 13313593344
  free_bytes_available: 13313593344
  total_number_of_bytes: 34252779520
  Status / Return / Repeated: 1 1 0

Call 3
  root_path: C:\Program Files (x86)\FreeArc
  total_number_of_free_bytes: 4296602288
  free_bytes_available: 26761941418372
  total_number_of_bytes: 8468404008415457884
  Status / Return / Repeated: 0 0

Call 4
  root_path: C:\Program Files (x86)\
  total_number_of_free_bytes: 13313593344
  free_bytes_available: 13313593344
  total_number_of_bytes: 34252779520
  Status / Return / Repeated: 1 1 0
file C:\Users\test22\AppData\Local\Temp\nsyF212.tmp\InstallOptions.dll