Summary | ZeroBOX

needmoney.exe

Tags: Malicious Library, UPX, PE32, PE File, OS Processor Check, MZP Format
Category FILE
Machine s1_win7_x6403_us
Started Sept. 22, 2024, 5:22 p.m.
Completed Sept. 22, 2024, 6:05 p.m.
Size 4.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7fa5c660d124162c405984d14042506f
SHA256 fd3edfaff77dd969e3e0d086495e4c742d00e111df9f935ed61dfba8392584b2
CRC32 AF760131
ssdeep 98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
status: 1 return: 1 repeated: 0

GetComputerNameW

computer_name: TEST22-PC
status: 1 return: 1 repeated: 0
section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x36da120
0x36dadd0
0x30b000
needmoney+0x4f29f @ 0x44f29f
needmoney+0x4ef7f @ 0x44ef7f
needmoney+0x565d8 @ 0x4565d8
needmoney+0x8c980 @ 0x48c980
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 88 08 eb e2 8b e5 5d c3 cc cc cc cc cc cc cc cc
exception.instruction: mov byte ptr [eax], cl
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x36d9cdf
registers.esp: 1635856
registers.edi: 100
registers.eax: 0
registers.ebp: 1635864
registers.edx: 0
registers.ebx: 57520128
registers.esi: 4
registers.ecx: 0
status: 1 return: 0 repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 808
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00840000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 808
region_size: 3575808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03060000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 808
region_size: 3575808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x033d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 808
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02260000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 808
region_size: 192512
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x022f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0
resource: name RT_VERSION, language LANG_CHINESE, sublanguage SUBLANG_CHINESE_SIMPLIFIED, filetype data, offset 0x00419df4, size 0x000002fc
section: name .rsrc, size_of_data 0x00378200, virtual_address 0x000a2000, virtual_size 0x00378200, entropy 7.08553244363619 (description: A section with a high entropy has been found)
entropy 0.85038898863 (description: Overall entropy of this PE file is high)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealerc.1m!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojanpws.Stealerc
Skyhigh Artemis!Trojan
ALYac Trojan.GenericKD.74159797
Cylance Unsafe
VIPRE Trojan.GenericKD.74159797
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Trojan.GenericKD.74159797
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
Arcabit Trojan.Generic.D46B96B5
VirIT Trojan.Win32.DelphGen.HHA
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HXVV
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.Win32.Stealerc.gen
Alibaba TrojanPSW:Win32/Stealerc.fe9550e7
MicroWorld-eScan Trojan.GenericKD.74159797
Rising Stealer.Stealerc!8.17BE0 (TFE:5:tQDl1E5dURU)
Emsisoft Trojan.GenericKD.74159797 (B)
F-Secure Trojan.TR/AD.Stealc.mwfxv
DrWeb Trojan.DownLoader47.38372
TrendMicro TrojanSpy.Win32.STEALC.YXEIMZ
McAfeeD ti!FD3EDFAFF77D
Trapmine suspicious.low.ml.score
CTX exe.trojan.stealerc
Sophos Mal/Generic-S
Ikarus Backdoor.QBot
FireEye Trojan.GenericKD.74159797
Google Detected
Avira TR/AD.Stealc.mwfxv
Antiy-AVL Trojan/Win32.AGeneric
Kingsoft Win32.Trojan-PSW.Stealerc.gen
Gridinsoft Malware.Win32.Stealc.tr
Xcitium Malware@#fdue7qvkmhqy
Microsoft Trojan:Win32/Stealerc.GAB!MTB
ZoneAlarm HEUR:Trojan-PSW.Win32.Stealerc.gen
GData Trojan.GenericKD.74159797
Varist W32/ABTrojan.ANSE-2389
AhnLab-V3 Trojan/Win.Injuke.C5669537
McAfee Artemis!7FA5C660D124
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.Sabsik.FL
Malwarebytes Guildma.Spyware.Stealer.DDS
Panda Trj/Chgt.AD