Summary | ZeroBOX

faultrep.dll

UPX Anti_VM PE64 PE File DLL
Category FILE
Machine s1_win7_x6401
Started Aug. 1, 2024, 2:53 p.m.
Completed Aug. 1, 2024, 2:55 p.m.
Size 619.0KB
Type PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5 d73cecec94d5983755c81711baa7678e
SHA256 a4abc9c7e3a287641856a069355b02e36226c2ab94cc0807516b86dd66fe1cf5
CRC32 E7300451
ssdeep 12288:GkN64Zi9gbai9wa4jpChx5Rw/eIuClF0KsnBRldC:Gn4ZVuc4VCXzZIrUpI
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

LdrLoadDll

module_name: C:\Users\test22\AppData\Local\Temp\faultrep.dll
basename: faultrep
stack_pivoted: 0
flags: 0
module_address: 0x00000000
3221225595 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2816
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Convagent.b!c
Cynet Malicious (score: 100)
ALYac Gen:Variant.Ulise.492579
Cylance Unsafe
VIPRE Gen:Variant.Ulise.492579
Sangfor Trojan.Win64.Ulise.Vmz2
K7AntiVirus Trojan ( 005b56d51 )
BitDefender Gen:Variant.Ulise.492579
K7GW Trojan ( 005b56d51 )
Arcabit Trojan.Ulise.D78423
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik_AGen.DXH
APEX Malicious
McAfee Artemis!D73CECEC94D5
Avast Win64:MalwareX-gen [Trj]
Kaspersky VHO:Trojan-Dropper.Win64.Convagent.gen
Alibaba Trojan:Win32/Kryptik.6ca21178
MicroWorld-eScan Gen:Variant.Ulise.492579
Rising Trojan.AntiVM!1.CC71 (CLASSIC)
Emsisoft Gen:Variant.Ulise.492579 (B)
FireEye Gen:Variant.Ulise.492579
Sophos Mal/Generic-S
Google Detected
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Trojan.Win64.Kryptik.sa
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm VHO:Trojan-Dropper.Win64.Convagent.gen
GData Gen:Variant.Ulise.492579
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3902949423
Ikarus Trojan.Win32.Crypt
Tencent Malware.Win32.Gencirc.11c4247b
Fortinet W32/Kryptik_AGen.DXH!tr
AVG Win64:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_70% (W)
alibabacloud Trojan:Win/Ulise.Gen