popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

38.exe

UPX Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 4, 2024, 7:34 a.m. July 4, 2024, 7:40 a.m.
Size 4.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 40ecc726bee273961d09301c0316af6e
SHA256 477712f48e356d8c77224a1264dd765b1420fc8c0c318b295744a68316b3f055
CRC32 FF1EEB0E
ssdeep 98304:ZR5VLB+g2pSMqgZmqK0scjW0nOs992v6QeoLqELeUpDGxK9jwwLPk4S7cdz5:ZRzLBt2jXkwj3lz2vAouELeU1Gogb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
packer Armadillo v1.71
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x76fdf559
RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x76fdf639
RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x76f8df95
free+0x39 memcpy-0x43 msvcrt+0x98cd @ 0x760b98cd
38+0x13a9 @ 0x4013a9
38+0x115f @ 0x40115f
38+0x6abc @ 0x406abc

exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff
exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653
exception.instruction: jmp 0x76fde667
exception.module: ntdll.dll
exception.exception_code: 0xc0000374
exception.offset: 845395
exception.address: 0x76fde653
registers.esp: 1636712
registers.edi: 1637248
registers.eax: 1636728
registers.ebp: 1636832
registers.edx: 0
registers.ebx: 0
registers.esi: 7733248
registers.ecx: 2147483647
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealer.tsi1
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh Artemis!Trojan
ALYac Trojan.Generic.35765859
Cylance Unsafe
VIPRE Trojan.Generic.35765859
Sangfor Dropper.Win32.Packed.Vggi
K7AntiVirus Trojan ( 005a24931 )
BitDefender Trojan.Generic.35765859
K7GW Trojan ( 005a24931 )
Cybereason malicious.6bee27
Arcabit Trojan.Generic.D221BE63
VirIT Trojan.Win32.Genus.VJE
Symantec Trojan.Startpage
ESET-NOD32 Win32/Packed.7Zip.AI
McAfee Artemis!40ECC726BEE2
Avast Win32:Malware-gen
ClamAV Win.Keylogger.Gencbl-9969771-0
Kaspersky Trojan-Dropper.Win32.Agent.tfsvns
Alibaba Packed:Win32/Keylogger.2eacc15c
NANO-Antivirus Trojan.Win32.Drop.kjdzsg
MicroWorld-eScan Trojan.Generic.35765859
Rising Stealer.Agent/SFX!1.F3AF (CLASSIC)
Emsisoft Trojan.Generic.35765859 (B)
F-Secure Trojan.TR/Drop.Agent.fgrjt
DrWeb Trojan.Siggen26.64444
Zillya Trojan.7Zip.Win32.263
TrendMicro Coinminer.Win32.MALXMR.C
McAfeeD ti!477712F48E35
FireEye Trojan.Generic.35765859
Sophos Mal/Generic-S
Ikarus Trojan.Win32.7zip
Avira TR/Drop.Agent.fgrjt
Antiy-AVL Trojan[Packed]/Win32.7Zip
Kingsoft Win32.Trojan-Dropper.Agent.tfsvns
Xcitium Malware@#kttwe3k3alae
Microsoft Trojan:Win32/CoinMiner.ARA!MTB
ZoneAlarm Trojan-Dropper.Win32.Agent.tfsvns
GData Trojan.Generic.35765859
AhnLab-V3 Trojan/Win.Generic.R634031
DeepInstinct MALICIOUS
Malwarebytes Trojan.Dropper.SFX
Panda Trj/Chgt.AD
TrendMicro-HouseCall Coinminer.Win32.MALXMR.C
Tencent Win32.Trojan-Dropper.Agent.Bnhl
Yandex Trojan.DR.Agent!kMStDfYhT/w
MAX malware (ai score=84)
Fortinet W32/PossibleThreat