Summary | ZeroBOX

RingQ.exe

Generic Malware UPX OS Processor Check PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 5, 2024, 7:45 a.m. Aug. 5, 2024, 7:53 a.m.
Size 687.5KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 76b660aeed75fd20555985ca7c7c1edd
SHA256 3e9b442995fc472566f6689c275b24bb9d2a0244bd002671d471654d0b0893b0
CRC32 77AEC88F
ssdeep 12288:tm74/CTj3GpvdhHs/pHYEqOQ1z4peak0VD8EOXIYb:tmQCOXIYb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name AVI
resource name PNG
resource name XLM
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlSetCriticalSectionSpinCount+0x9 RtlCreateUnicodeStringFromAsciiz-0x27 ntdll+0x27739 @ 0x76d57739
ringq+0x4f99 @ 0x13fb74f99
ringq+0x6dcb @ 0x13fb76dcb
ringq+0x995e @ 0x13fb7995e
ringq+0xb96c @ 0x13fb7b96c
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 8b 41 20 4d 8b 48 60 41 83 b9 b8 00 00 00 01 0f
exception.symbol: RtlSetCriticalSectionSpinCount+0x9 RtlCreateUnicodeStringFromAsciiz-0x27 ntdll+0x27739
exception.instruction: mov eax, dword ptr [rcx + 0x20]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 161593
exception.address: 0x76d57739
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 4272304
registers.rbx: 0
registers.rsp: 2227008
registers.r11: 1
registers.r8: 8796092882944
registers.r9: 1099511627775
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1400
registers.r13: 0
1 0 0
description RingQ.exe tried to sleep 541 seconds, actually delayed analysis time by 1 seconds
name AVI language LANG_CHINESE filetype RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00024638 size 0x00006400
name PNG language LANG_CHINESE filetype PNG image data, 8 x 10, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0002d7f4 size 0x000003f9
name XLM language LANG_CHINESE filetype XML 1.0 document, ASCII text sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0002dbf0 size 0x00007690
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000b2984 size 0x000001e0