popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Z4.dll

Generic Malware Malicious Library UPX PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 12, 2024, 8:47 a.m. Aug. 12, 2024, 9:05 a.m.
Size 104.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f1850ce00f965f6770ea07af89bb6ff4
SHA256 2d6cd54721dd4aaf35d315b8048cc0a7edba59d7456766f5980be826af37cbe6
CRC32 125317CB
ssdeep 1536:R1WPTFr0hYF5jXp8m6TIzX2INMq55u/b//xHU4HMtSi:Jh8jVFnYhU4HMtSi
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
packer Armadillo v1.xx - v2.xx
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10012000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73660000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x735e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73551000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73514000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x735e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c11000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtQuerySystemInformation

 information_class: 76 (SystemFirmwareTableInformation)
3221225474 0
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Sangfor Trojan.Win32.Save.BlackMoon
ESET-NOD32 a variant of Win32/Packed.BlackMoon.A suspicious
ClamAV Win.Dropper.Tiggre-9845940-0
TrendMicro TrojanSpy.Win32.BLACKMOON.YXEHKZ
McAfeeD ti!2D6CD54721DD
Google Detected
Antiy-AVL Trojan/Win32.Blamon.a
Gridinsoft Trojan.Win32.BlackMoon.tr
Xcitium TrojWare.Win32.Zegost.D@6vpf1l
Microsoft Program:Win32/Wacapew.C!ml
GData Win32.Trojan-Stealer.BlackMoon.D
Varist W32/Blackmoon.BA.gen!Eldorado
DeepInstinct MALICIOUS
Ikarus AdWare.Win32.BlackMoon
Tencent Backdoor.Win32.Runshell_l.16001193
Fortinet W32/Blackmoon.D!tr
Paloalto generic.ml
alibabacloud VirTool:Win/Gamarue.Gen