popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

MePaxil.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 17, 2024, 10:13 p.m. Aug. 17, 2024, 10:23 p.m.
Size 1.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 bbe6311c3e2fab459f729dc8cd6e3519
SHA256 95fb9ca82017f2a6bc59df0d72fc6f90043e135799d25e9922d4943da4c36874
CRC32 EB9B703D
ssdeep 24576:HzZyi0Kg1ySDKr8TP/4xDVMRy5MxcTCLA8dUtp+FPlDha1edx/M2:H0iTezbe9jp+FPlEoHR
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
104.16.184.241 Active Moloch
104.21.44.66 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: 1 file(s) moved.
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Set
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Jessica=s
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: VzBless
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Rail Reunion Yeah Surgeon Forums Fred Msn
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'VzBless' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: tyHAdmissions
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Eating Ala Branches Bucks Runtime Dramatic
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'tyHAdmissions' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: YVCuUpdating
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Write Perfume Cindy Monday
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'YVCuUpdating' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: vFwkTreatment
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Debian Secrets Rankings Atmosphere Soon Nextel
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'vFwkTreatment' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: tPSupervision
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Initially Coalition Xbox Carrying Bobby Awarded Cancel
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'tPSupervision' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: kSccTvs
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Harassment Likewise Evans
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'kSccTvs' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Set
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Cw=S
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: rgpUMed
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Radios Carriers Exclusion Heating Arm Plants Cf Businesses
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'rgpUMed' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: ZEExpect
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Lucy These Higher Lit Asking
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'ZEExpect' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: zauvShowtimes
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'zauvShowtimes' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: HPPoBottles
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Chevy Mattress Flashing Ye Johnson Sg Short Reed
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'HPPoBottles' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: hLUnable
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Plan Timeline Nv
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 'hLUnable' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x0000000b
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .ndata
file C:\Users\test22\AppData\Local\Temp\543648\Legend.pif
cmdline "C:\Windows\System32\cmd.exe" /k move Offensive Offensive.cmd & Offensive.cmd & exit
file C:\Users\test22\AppData\Local\Temp\543648\Legend.pif
file C:\Users\test22\AppData\Local\Temp\543648\Legend.pif
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Time & API Arguments Status Return Repeated

ShellExecuteExW

 show_type: 0
filepath_r: cmd
parameters: /k move Offensive Offensive.cmd & Offensive.cmd & exit
filepath: cmd
1 1 0
Time & API Arguments Status Return Repeated

Process32FirstW

 snapshot_handle: 0x00000130
process_name: [System Process]
process_identifier: 0
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: System
process_identifier: 4
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: smss.exe
process_identifier: 232
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: csrss.exe
process_identifier: 308
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: wininit.exe
process_identifier: 344
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: csrss.exe
process_identifier: 356
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: winlogon.exe
process_identifier: 392
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: services.exe
process_identifier: 436
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: lsass.exe
process_identifier: 452
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: lsm.exe
process_identifier: 460
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 560
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 636
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 716
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 780
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 824
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: audiodg.exe
process_identifier: 896
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 984
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 340
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: spoolsv.exe
process_identifier: 1060
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: taskhost.exe
process_identifier: 1112
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 1120
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: dwm.exe
process_identifier: 1192
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: explorer.exe
process_identifier: 1236
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: svchost.exe
process_identifier: 1744
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: pw.exe
process_identifier: 1888
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: SearchIndexer.exe
process_identifier: 1652
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: mobsync.exe
process_identifier: 1664
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: pw.exe
process_identifier: 1944
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: taskhost.exe
process_identifier: 932
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: cmd.exe
process_identifier: 652
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: SearchProtocolHost.exe
process_identifier: 1212
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: conhost.exe
process_identifier: 496
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: SearchFilterHost.exe
process_identifier: 1504
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: MePaxil.exe
process_identifier: 1880
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: pw.exe
process_identifier: 880
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: cmd.exe
process_identifier: 2064
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: conhost.exe
process_identifier: 2100
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: WmiPrvSE.exe
process_identifier: 2280
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: Legend.pif
process_identifier: 2564
1 1 0

Process32NextW

 snapshot_handle: 0x00000130
process_name: inject-x86.exe
process_identifier: 2620
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
cmdline tasklist
host 104.16.184.241
host 104.21.44.66
Process injection Process 2064 resumed a thread in remote process 2564
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x00000084
suspend_count: 0
process_identifier: 2564
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Autoit.4!c
Cynet Malicious (score: 99)
Skyhigh Artemis!Trojan
Sangfor Trojan.Win32.Agent.Vfo2
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Generik.LPRPMJE
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Autoit.gen
BitDefender Trojan.Generic.36719005
MicroWorld-eScan Trojan.Generic.36719005
Emsisoft Trojan.Generic.36719005 (B)
F-Secure Trojan.TR/AutoIt.mzmdi
DrWeb Trojan.Siggen29.22510
TrendMicro Trojan.Win32.AMADEY.YXEHOZ
McAfeeD ti!95FB9CA82017
FireEye Trojan.Generic.36719005
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira TR/AutoIt.mzmdi
MAX malware (ai score=84)
Kingsoft Win32.Trojan.Autoit.gen
Gridinsoft Malware.Win32.RedLine.tr
ZoneAlarm HEUR:Trojan.Win32.Autoit.gen
GData Win32.Trojan.Agent.SNHWGA
McAfee Artemis!BBE6311C3E2F
DeepInstinct MALICIOUS
Malwarebytes Trojan.Agent.NSIS
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXEHOZ
Tencent Win32.Trojan.FalseSign.Fkjl
huorong Trojan/Injector.btr
Fortinet NSIS/Runner.AM!tr
Panda Trj/Chgt.AD
CrowdStrike win/malicious_confidence_70% (W)
alibabacloud Trojan:Win/Autoit.gyf