Summary | ZeroBOX

install_lodop32.exe

Tags: MZP Format, PE File, dll, PE32, DLL, DllRegisterServer
Category: FILE | Machine: s1_win7_x6403_us | Started: Sept. 17, 2024, 1:27 p.m. | Completed: Sept. 17, 2024, 2:27 p.m.
Size 2.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 cee0d7092ec83373078d0045a0c74c40
SHA256 99658a950b0acbee61b56609690efd98b8c3a5b2dfa09eb47cca3ef31d8cdb77
CRC32 683ED45C
ssdeep 49152:xJxNHabdDlGc/za1rlFQFigZL+l63UBU3EWttCwYXn6CQqilfG1M3FB:xOLa1ZFU6l0YU3l3QCjgMVB
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • mzp_file_format - MZP(Delphi) file format

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status): 5.181.86.244 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name DLL
resource name OCX
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
install_lodop32+0x4b4e5 @ 0x44b4e5
install_lodop32+0x4b234 @ 0x44b234
install_lodop32+0xcb144 @ 0x4cb144
install_lodop32+0xc9be2 @ 0x4c9be2
install_lodop32+0xa8281 @ 0x4a8281
install_lodop32+0x8524d @ 0x48524d
install_lodop32+0xa5985 @ 0x4a5985
install_lodop32+0x848eb @ 0x4848eb
install_lodop32+0x40946 @ 0x440946
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x755f965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x755f96c5
install_lodop32+0xa2919 @ 0x4a2919
install_lodop32+0x84e52 @ 0x484e52
install_lodop32+0xa5985 @ 0x4a5985
install_lodop32+0x848eb @ 0x4848eb
install_lodop32+0x40946 @ 0x440946
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
install_lodop32+0x8524d @ 0x48524d
install_lodop32+0xa5985 @ 0x4a5985
install_lodop32+0x848eb @ 0x4848eb
install_lodop32+0x40946 @ 0x440946
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
install_lodop32+0x809ef @ 0x4809ef
install_lodop32+0x8524d @ 0x48524d
install_lodop32+0xa5985 @ 0x4a5985
install_lodop32+0x80613 @ 0x480613
install_lodop32+0x84696 @ 0x484696
install_lodop32+0x847a5 @ 0x4847a5
install_lodop32+0x87287 @ 0x487287
install_lodop32+0x8524d @ 0x48524d
install_lodop32+0xa5985 @ 0x4a5985
install_lodop32+0x80613 @ 0x480613
install_lodop32+0x7f047 @ 0x47f047
install_lodop32+0xd1ddb @ 0x4d1ddb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade (0x0EEDFADE, the Delphi/C++Builder language-exception code: the runtime's own `raise` goes through RaiseException, so this record by itself is not evidence of a crash or memory-corruption fault)
exception.offset: 46887
exception.address: 0x7559b727
registers.esp: 1634184
registers.edi: 1634356
registers.eax: 1634184
registers.ebp: 1634264
registers.edx: 0
registers.ebx: 36869696
registers.esi: 5028408
registers.ecx: 7
status: 1, return: 0, repeated: 0
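The stack trace above is dense but mechanical to read: every frame ends in "module+rva @ absolute", so the image base of each module follows from one subtraction, and the run of modules from the innermost frame outwards shows how control got to RaiseException. The script below is an added example (not ZeroBOX's code) that parses an excerpt of the frames listed above, derives and cross-checks the module bases, compresses the trace into a module walk, and labels the exception code. The only data not taken from the report is the first trace line, which is assembled from the exception.symbol and exception.address fields.

```python
import re

# Frame format in the report: "<nearest export>+off <next export>-off <module>+<rva> @ <absolute address>"
FRAME = re.compile(r"(?P<module>[A-Za-z0-9_.]+)\+0x(?P<rva>[0-9a-fA-F]+) @ 0x(?P<addr>[0-9a-fA-F]+)$")

# Exception codes worth recognising at a glance; the first three are language-runtime codes, not faults.
EXCEPTION_CODES = {
    0x0EEDFADE: "Delphi/C++Builder language exception (RaiseException from the VCL runtime)",
    0xE06D7363: "MSVC C++ exception",
    0xE0434352: ".NET CLR exception",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0x80000003: "STATUS_BREAKPOINT",
}

def describe_exception_code(code: int) -> str:
    return EXCEPTION_CODES.get(code & 0xFFFFFFFF, f"unrecognised exception code {code & 0xFFFFFFFF:#010x}")

def parse_frames(trace: str):
    """One dict per frame, innermost first; base = absolute address - module RVA."""
    frames = []
    for raw in trace.splitlines():
        line = raw.strip()
        m = FRAME.search(line)
        if not m:
            continue
        rva, addr = int(m["rva"], 16), int(m["addr"], 16)
        frames.append({"module": m["module"], "rva": rva, "addr": addr, "base": addr - rva,
                       "symbol": line[:m.start()].strip() or None})
    return frames

def module_bases(frames):
    """Image base per module, cross-checked: every frame of a module must imply the same base."""
    bases = {}
    for f in frames:
        prev = bases.setdefault(f["module"], f["base"])
        if prev != f["base"]:
            raise ValueError(f"{f['module']}: inconsistent bases {prev:#x} and {f['base']:#x}")
    return bases

def module_walk(frames):
    """Run-length summary of which module each stretch of the stack belongs to, innermost first."""
    walk = []
    for f in frames:
        if walk and walk[-1][0] == f["module"]:
            walk[-1] = (f["module"], walk[-1][1] + 1)
        else:
            walk.append((f["module"], 1))
    return walk

# The first line is the exception site, rebuilt from exception.symbol and exception.address;
# the rest is an excerpt of the frames listed in the report, in the report's order.
SAMPLE_TRACE = """\
RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 @ 0x7559b727
install_lodop32+0x4b4e5 @ 0x44b4e5
install_lodop32+0x40946 @ 0x440946
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x755f96c5
install_lodop32+0xa2919 @ 0x4a2919
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
install_lodop32+0x8524d @ 0x48524d
install_lodop32+0xd1ddb @ 0x4d1ddb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5
"""

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_TRACE)
    print(describe_exception_code(0x0EEDFADE))
    for module, base in module_bases(frames).items():
        print(f"{module:16s} base {base:#010x}")
    print(module_walk(frames))
```

Two things the output makes visible. The sample's base comes out as 0x400000, the default link base, so the image was loaded unrelocated, which is what you expect of a binary without the DYNAMICBASE flag. And the walk reads sample, user32, sample, user32, ntdll, sample: SendMessageW leaves user mode and the kernel re-enters it through KiUserCallbackDispatcher to run the sample's window procedure, so the Delphi exception was raised inside a window-message handler, not on a plain call path.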
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00700000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74031000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73ef1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75ab1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73ed1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x756e1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e11000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
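The eight calls above are all PAGE_EXECUTE_READWRITE, but they are two different things: two NtAllocateVirtualMemory calls commit fresh writable-and-executable regions (0x00700000 and 0x007b0000), while six NtProtectVirtualMemory calls turn already-mapped pages writable-and-executable, and every call targets process_handle 0xffffffff, the current-process pseudo-handle. The script below is an added example (not a ZeroBOX signature) that parses records in the flattened form shown above, decodes the protection and allocation constants, and separates fresh W+X commits from W+X re-protection, remote-process targets and the monitor's own stack/heap heuristics. The first two sample records are copied from the report; the third is constructed (a hypothetical process handle 0x1a4 and stack_pivoted 1) to exercise the remaining branches.

```python
import re
from dataclasses import dataclass, field

# Win32 memory constants as they appear in the report's decoded arguments
PAGE_FLAGS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY", 0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET", 0x100000: "MEM_TOP_DOWN"}
EXEC_MASK, WRITE_MASK = 0xF0, 0xCC      # any executable page flag / any writable page flag
CURRENT_PROCESS = 0xFFFFFFFF             # 32-bit pseudo-handle returned by GetCurrentProcess()

@dataclass
class ApiCall:
    api: str
    args: dict = field(default_factory=dict)
    status: int = 0
    retval: int = 0
    repeated: int = 0

_ARG = re.compile(r"^(\w+):\s*(\S+)")              # "protection: 64 (PAGE_...)" -> ("protection", "64")
_TRAILER = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)$")   # "1 0 0" = Status Return Repeated

def parse_api_log(text: str):
    """Turn the flattened 'API name / key: value lines / trailer' records into ApiCall objects."""
    calls, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := _TRAILER.match(line)) and cur:
            cur.status, cur.retval, cur.repeated = map(int, m.groups())
            calls.append(cur)
            cur = None
        elif (m := _ARG.match(line)) and cur:
            cur.args[m.group(1)] = int(m.group(2), 0)   # base 0 handles both "932" and "0xffffffff"
        elif re.fullmatch(r"[A-Za-z_]\w*", line):
            cur = ApiCall(api=line)
    return calls

def decode_flags(value: int, table: dict) -> str:
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) if names else hex(value)

def rwx_findings(calls):
    """Fresh W+X commits, W+X re-protection of existing pages, remote targets, monitor heuristics."""
    out = {"rwx_commits": [], "rwx_reprotects": [], "remote_targets": [], "exploit_heuristics": []}
    for c in calls:
        if c.status != 1:                    # a failed call changed nothing
            continue
        base = c.args.get("base_address")
        if any(c.args.get(k) for k in ("stack_pivoted", "stack_dep_bypass", "heap_dep_bypass")):
            out["exploit_heuristics"].append((c.api, base))
        prot = c.args.get("protection", 0)
        if not (prot & EXEC_MASK and prot & WRITE_MASK):
            continue
        rec = {"api": c.api, "base": base,
               "size": c.args.get("region_size", c.args.get("length")),
               "protection": decode_flags(prot, PAGE_FLAGS)}
        if c.args.get("process_handle", CURRENT_PROCESS) != CURRENT_PROCESS:
            out["remote_targets"].append(rec)     # W+X in another process: injection territory
        if c.api == "NtAllocateVirtualMemory" and c.args.get("allocation_type", 0) & 0x1000:
            out["rwx_commits"].append(rec)
        elif c.api == "NtProtectVirtualMemory":
            out["rwx_reprotects"].append(rec)
    return out

# First two records copied from the report; the third is constructed (handle 0x1a4 is hypothetical).
SAMPLE_LOG = """\
NtAllocateVirtualMemory
process_identifier: 932
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00700000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory
process_identifier: 932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74031000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory
process_identifier: 1204
stack_pivoted: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0x000001a4
1 0 0
"""

if __name__ == "__main__":
    for key, items in rwx_findings(parse_api_log(SAMPLE_LOG)).items():
        print(key, items)
```

Applied to the report's own records, every call lands in rwx_commits or rwx_reprotects and nothing in remote_targets or exploit_heuristics: the sample only changes its own memory. Each of the six re-protected addresses sits 0x1000 above a 64 KiB-aligned base, which is where the first section of a mapped image normally starts, but the report does not list the loaded modules, so confirming that these are code pages of system DLLs being made writable needs the module list from the full analysis.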
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file C:\Users\test22\AppData\Local\Google\Chrome\Application
file C:\Users\test22\AppData\Local\Google\Chrome\Application\plugins
file C:\Users\test22\AppData\Local\Google\Chrome\Application\plugins\NPCAOSOFT_WEB_PRINT_lodop.dll
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Preferences
name DLL language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x000f3904 size 0x00053e00
name OCX language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00147704 size 0x0017ee00
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x002f0908 size 0x00000128
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x002f0a34 size 0x00000014
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x002f0a4c size 0x000003a0
file C:\Program Files (x86)\MountTaiSoftware\Lodop\NPCAOSOFT_WEB_PRINT_lodop.dll
file C:\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx
file C:\Users\test22\AppData\Local\Google\Chrome\Application\plugins\NPCAOSOFT_WEB_PRINT_lodop.dll
file C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\user.js
section UPX1: virtual_address 0x000a4000, virtual_size 0x0024c000, size_of_data 0x0024ba00, entropy 7.80 (description: A section with a high entropy has been found)
entropy 0.998089171975 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
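The three packer findings above (MZP header, UPX section names, a 7.80-entropy UPX1 section) are cheap static checks that can be reproduced without the sandbox. The script below is an added example (not ZeroBOX's signature code) with a small PE section-table parser and Shannon entropy over each section, run against a constructed toy PE built inline: an MZP DOS header, no optional header, a UPX0 section without raw data and a UPX1 section filled with pseudo-random bytes standing in for packed code. The 7.4 threshold is this example's choice, not the report's.

```python
import math
import random
import struct

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the measure behind the entropy signatures."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns (name, virtual_address, virtual_size, raw_bytes) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, vaddr, vsize, pe[raw_ptr:raw_ptr + raw_size]))
    return sections

def packer_indicators(pe: bytes, threshold: float = 7.4):
    """The same three checks the report's signatures express: MZP header, UPX names, high entropy."""
    findings = []
    if pe[:3] == b"MZP":                      # e_cblp == 0x50: the Delphi/Borland linker's DOS header
        findings.append("mzp_file_format: MZP (Delphi) header")
    for name, _vaddr, _vsize, data in parse_sections(pe):
        if name.startswith("UPX"):
            findings.append(f"section {name}: name indicates UPX")
        ent = shannon_entropy(data)
        if ent > threshold:
            findings.append(f"section {name}: high entropy {ent:.2f}")
    total = shannon_entropy(pe)
    if total > threshold:
        findings.append(f"overall entropy {total:.2f} is high")
    return findings

def build_sample_pe(seed: int = 2024) -> bytes:
    """Constructed toy input, not a real binary: just enough header for parse_sections to walk."""
    rng = random.Random(seed)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<H", dos, 2, 0x0050)    # e_cblp = 0x50 -> bytes "P\0", hence "MZP"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature right after the DOS header
    size_of_optional = 0                      # real images carry 0xE0 bytes here; the parser honours the field
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, size_of_optional, 0x0102)
    raw_ptr = 0x40 + 4 + 20 + size_of_optional + 2 * 40
    def section(name, vaddr, vsize, raw_size, ptr, flags):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, raw_size, ptr, 0, 0, 0, 0, flags)
    upx0 = section(b"UPX0", 0x1000, 0xA3000, 0, 0, 0xE0000080)              # no raw data, as in UPX output
    upx1 = section(b"UPX1", 0xA4000, len(packed), len(packed), raw_ptr, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + upx0 + upx1 + packed

if __name__ == "__main__":
    for line in packer_indicators(build_sample_pe()):
        print(line)
```

On a real file, read it with open(path, "rb").read() and pass the bytes to packer_indicators; UPX0 shows up by name only because its raw size is zero (the unpacker expands into it at run time), which is why the report flags UPX1's entropy but not UPX0's.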
host 5.181.86.244
Bkav W32.AIDetectMalware
tehtris Generic.Malware
Cylance Unsafe
K7GW Adware ( 0057c14a1 )
K7AntiVirus Adware ( 0057c14a1 )
ESET-NOD32 a variant of Win32/Caosoft.A potentially unwanted
APEX Malicious
NANO-Antivirus Trojan.Win32.Caosoft.ivwnvb
DrWeb Trojan.DownLoader26.37759
Trapmine malicious.high.ml.score
CTX exe.trojan.caosoft
Sophos Generic ML PUA (PUA)
Ikarus Trojan-Spy.Win32.Bancos
Webroot W32.Trojan.Gen
Google Detected
Antiy-AVL Trojan/Win32.Caosoft
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Downloader
Malwarebytes Generic.Malware/Suspicious
Yandex Riskware.Agent!joRqC+WQiKw
Paloalto generic.ml
dead_host 192.168.56.103:49163
dead_host 192.168.56.103:49165