Summary | ZeroBOX

e93629b052f25d25c92a4afaee51cc81

Generic Malware Malicious Library UPX PE64 PE File DLL OS Processor Check dll DllRegisterServer
Category FILE
Machine s1_win7_x6401
Started Aug. 15, 2024, 10:34 a.m.
Completed Aug. 15, 2024, 10:36 a.m.
Size 155.5KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 7a799f4f9aa63745a75b901a392aff29
SHA256 f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659
CRC32 7A1B4A96
ssdeep 3072:0lCt2jrijQEjnMUWzsjhVPbuGHUluQj6vkZD4vP5iZWyLr:QCIrijNMv6XPbr0kuNr
PDB Path E:\work\ooooooops\181\knock_v1.1.8\knock\bin64\knock.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
pdb_path E:\work\ooooooops\181\knock_v1.1.8\knock\bin64\knock.pdb
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .gfids
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1356
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 148
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1452
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004740000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
Elastic Windows.Trojan.WarmCookie
Cynet Malicious (score: 100)
ClamAV Win.Malware.Lazy-10030858-0
Rising Trojan.DllInject!8.1984B (TFE:6:S2mcB0MBV6U)
FireEye Generic.mg.7a799f4f9aa63745
Google Detected
DeepInstinct MALICIOUS
Ikarus Trojan.Win64.Agent
file C:\Windows\Tasks\Syberry.job
file C:\ProgramData\Tandem\Updater.exe
file C:\Users\test22\AppData\Roaming\SoftServe\Updater.exe
file C:\ProgramData\Tivix\Updater.exe
file C:\Users\test22\AppData\Roaming\West Agile Labs\Updater.exe
file C:\ProgramData\SnapMobile\Updater.exe
file C:\ProgramData\TechSparq\Updater.exe
file C:\ProgramData\Thinkship\Updater.exe
file C:\ProgramData\Specbee\Updater.exe
file C:\ProgramData\Vectorform\Updater.exe
file C:\ProgramData\TECLA\Updater.dll
file C:\Users\test22\AppData\Roaming\ValueLabs\Updater.dll
file C:\ProgramData\SiteRocket Labs\Updater.exe
file C:\ProgramData\Copious\Updater.exe
file C:\Users\test22\AppData\Roaming\SnapMobile\Updater.exe
file C:\ProgramData\TechSparq\Updater.dll
file C:\ProgramData\Stride\Updater.exe
file C:\ProgramData\Tvisha Technologies\Updater.dll
file C:\Users\test22\AppData\Roaming\Vectorform\Updater.dll
file C:\ProgramData\Software Allies\Updater.dll
file C:\Users\test22\AppData\Roaming\SiteRocket Labs\Updater.dll
file C:\ProgramData\Stride\Updater.dll
file C:\Users\test22\AppData\Roaming\Tivix\Updater.dll
file C:\Users\test22\AppData\Roaming\Software AG\Updater.dll
file C:\Users\test22\AppData\Roaming\Tandem\Updater.dll
file C:\Users\test22\AppData\Roaming\Snyxius Technologies\Updater.dll
file C:\Users\test22\AppData\Roaming\Oxagile\Updater.dll
file C:\ProgramData\SoftServe\Updater.dll
file C:\ProgramData\Ventuso LLC\Updater.dll
file C:\Users\test22\AppData\Roaming\Tandem\Updater.exe
file C:\Users\test22\AppData\Roaming\Copious\Updater.dll
file C:\Users\test22\AppData\Roaming\Specbee\Updater.dll
file C:\Users\test22\AppData\Roaming\Vermonster\Updater.exe
file C:\Users\test22\AppData\Roaming\TECLA\Updater.dll
file C:\Users\test22\AppData\Roaming\Stride\Updater.dll
file C:\ProgramData\Zagaran Software\Updater.dll
file C:\Users\test22\AppData\Roaming\Thinkship\Updater.dll
file C:\Users\test22\AppData\Roaming\Touchtap\Updater.exe
file C:\ProgramData\Tyrannosaurus Tech\Updater.exe
file C:\Users\test22\AppData\Roaming\Software AG\Updater.exe
file C:\ProgramData\Solid Digital\Updater.exe
file C:\Users\test22\AppData\Roaming\Solid Digital\Updater.dll
file C:\ProgramData\TECLA\Updater.exe
file C:\Users\test22\AppData\Roaming\Snyxius Technologies\Updater.exe
file C:\Users\test22\AppData\Roaming\Copious\Updater.exe
file C:\ProgramData\Specbee\Updater.dll
file C:\ProgramData\Solid Digital\Updater.dll
file C:\Users\test22\AppData\Roaming\Software Allies\Updater.dll
file C:\ProgramData\Tyrannosaurus Tech\Updater.dll
file C:\Users\test22\AppData\Roaming\Zagaran Software\Updater.dll
file C:\Users\test22\AppData\Roaming\Vectorform\Updater.exe