Summary | ZeroBOX

latest.exe

Tags: Generic Malware, Malicious Library, Downloader, UPX, ScreenShot, AntiDebug, PE File, dll, OS Processor Check, PE32, JPEG Format, AntiVM, DLL, DllRegisterServer
Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 8, 2024, 2:04 p.m.
Completed: Aug. 8, 2024, 2:08 p.m.
Size 9.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 664cebe18c30cc4c32a4dbf0715bf864
SHA256 4d38d3ec76c40174797b8deef25d85fd641baf489a86e1dc42989b82df0ed31d
CRC32 2AD11928
ssdeep 196608:Xz9+P1yXqSd6uGQeHQZGZ4PX5m3GloXDA5LTXHL3h0Z3+Xu+50ah:XYPLSUOVZGZwXQ3kae3LL350ah
Yara
  • Network_Downloader - File Downloader
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call: GlobalMemoryStatusEx
Status: 1
Return: 1
Repeated: 0
API call: GetDiskFreeSpaceW
Arguments:
  • number_of_free_clusters: 2423520
  • sectors_per_cluster: 8
  • bytes_per_sector: 512
  • root_path: C:\
  • total_number_of_clusters: 8362495
Status: 1
Return: 1
Repeated: 0
file C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
file C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Matched rules (rule - description):
  • ScreenShot - Take ScreenShot
  • DebuggerCheck__GlobalFlags - (no description)
  • DebuggerCheck__QueryInfo - (no description)
  • DebuggerHiding__Thread - (no description)
  • DebuggerHiding__Active - (no description)
  • ThreadControl__Context - (no description)
  • SEH__vectored - (no description)
  • anti_dbg - Checks if being debugged
  • disable_dep - Bypass DEP
  • Network_Downloader - File Downloader
file C:\Users\test22\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Process injection: Process 2056 resumed a thread in remote process 2144
API call: NtResumeThread
Arguments:
  • thread_handle: 0x0000027c
  • suspend_count: 1
  • process_identifier: 2144
Status: 1
Return: 0
Repeated: 0
Antivirus detections (vendor - result):
  • Bkav - W32.Common.DFE390B7
  • CAT-QuickHeal - Trojan.Agent
  • ALYac - Trojan.GenericKD.73323541
  • Cylance - Unsafe
  • VIPRE - Trojan.GenericKD.73323541
  • BitDefender - Trojan.GenericKD.73323541
  • Cybereason - malicious.18c30c
  • Arcabit - Trojan.Generic.D45ED415
  • ESET-NOD32 - multiple detections
  • McAfee - Artemis!664CEBE18C30
  • Avast - Win64:MalwareX-gen [Trj]
  • MicroWorld-eScan - Trojan.GenericKD.73323541
  • Rising - Trojan.Kryptik!8.8 (CLOUD)
  • Emsisoft - Trojan.GenericKD.73323541 (B)
  • F-Secure - Trojan.TR/AVI.Agent.zobmy
  • McAfeeD - ti!4D38D3EC76C4
  • FireEye - Trojan.GenericKD.73323541
  • Sophos - Mal/Generic-S
  • Avira - TR/AVI.Agent.zobmy
  • MAX - malware (ai score=87)
  • GData - Trojan.GenericKD.73323541
  • DeepInstinct - MALICIOUS
  • Ikarus - Trojan.WinGo.Coinminer
  • TrendMicro-HouseCall - TROJ_GEN.R002H0CH524
  • Fortinet - Riskware/Application
  • AVG - Win64:MalwareX-gen [Trj]