popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

dssdj.exe

Malicious Library UPX PE32 PE File DLL MZP Format dll DllRegisterServer
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 31, 2024, 9:35 p.m. July 31, 2024, 9:37 p.m.
Size 1.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
MD5 b78013e1727d77333e2780e95d064b4b
SHA256 7ff9d82d8780e8ae1b5d4721cfd0556d4ae63be353466520ac0b3cd2c44ad2df
CRC32 DCCB3D1E
ssdeep 49152:oVhaXlU8Nw3fXrBvMUB72TwjqJJZ/Zc2pLOicZmsnL:oVhaXlU821578JJZ/O2YcCL
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section CODE
section DATA
section BSS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
insf01c+0x3876a @ 0x43876a
insf01c+0x3a2b4 @ 0x43a2b4
insf01c+0x3dbab @ 0x43dbab
insf01c+0x3e647 @ 0x43e647
insf01c+0x4c474 @ 0x44c474
insf01c+0x4ccd2 @ 0x44ccd2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedface
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 1637788
registers.edi: 1638019
registers.eax: 1637788
registers.ebp: 1637868
registers.edx: 0
registers.ebx: 4425578
registers.esi: 1638020
registers.ecx: 7
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2540
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2540
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732d4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2540
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2592
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ae0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732d4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72af1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73251000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72901000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75b71000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13323137024
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
file C:\Users\test22\AppData\Local\Temp\is-I0H8J.tmp\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\is-I0H8J.tmp\_isbunzp.dll
file C:\Users\test22\AppData\Local\Temp\is-I0H8J.tmp\_isbunzp.dll
file C:\Users\test22\AppData\Local\Temp\INSF01C.tmp
file C:\Users\test22\AppData\Local\Temp\is-I0H8J.tmp\_shfoldr.dll
eGambit Unsafe.AI_Score_80%
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\myxoftdssdj_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\myxoftdssdj_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\myxoftdssdj_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\myxoftdssdj_is1
2 0