Summary | ZeroBOX

winvnc.x86.dll

Tags: Malicious Library, UPX, PE File, DLL, OS Processor Check, PE32

Category: FILE
Machine: s1_win7_x6401
Started: Sept. 30, 2024, 11:17 a.m.
Completed: Sept. 30, 2024, 11:20 a.m.
Size: 281.0KB
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5: 719a93419dd5123b52961a076d283f21
SHA256: c50183eed715ec2392249e334940acf66315797a740a8fe782934352fed144c6
CRC32: 24FD95DF
ssdeep: 6144:D4mXEU0AU8qYWi0BtNwG2xwC9VMEHka91rVUqS:DEUhWiqqGhs1O
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory
  process_identifier: 2544
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x10038000
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
  process_identifier: 2544
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x75bf1000
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

Antivirus Results (Vendor: Detection)

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Gimmiv.4!c
Cynet: Malicious (score: 99)
ALYac: Misc.HackTool.Meterpreter
Cylance: Unsafe
VIPRE: Gen:Variant.Babar.39204
Sangfor: Riskware.Win32.Gimmiv.V1rc
CrowdStrike: win/grayware_confidence_100% (W)
BitDefender: Gen:Variant.Babar.39204
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Arcabit: Trojan.Babar.D9924
Symantec: Trojan Horse
Elastic: Windows.Trojan.CobaltStrike
ESET-NOD32: Win32/Gimmiv.AH
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: HackTool:Win32/Inject.7b4c9efc
NANO-Antivirus: Trojan.Win32.Inject.iupebg
MicroWorld-eScan: Gen:Variant.Babar.39204
Rising: HackTool.Inject!8.36B (TFE:5:zv9jVe2jqCF)
Emsisoft: Gen:Variant.Babar.39204 (B)
F-Secure: Trojan.TR/Gimmiv.dhghl
DrWeb: Tool.Inject.80
Zillya: Tool.Inject.Win32.8428
TrendMicro: PUA.Win32.WINVNC.A
McAfeeD: ti!C50183EED715
CTX: dll.trojan.inject
Sophos: Mal/Generic-S
SentinelOne: Static AI - Malicious PE
FireEye: Gen:Variant.Babar.39204
Jiangmin: HackTool.Inject.bgl
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Gimmiv.dhghl
Antiy-AVL: HackTool/Win32.Inject
Kingsoft: Win32.Trojan.Generic.a
Gridinsoft: Trojan.Win32.Downloader.ns
Xcitium: Malware@#208igf02pd1mq
Microsoft: Trojan:Win32/Malgent
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Babar.39204
Varist: W32/ABRisk.XKMB-8668
AhnLab-V3: Trojan/Win.Inject.C5469602
McAfee: GenericRXAA-AA!719A93419DD5
DeepInstinct: MALICIOUS
Malwarebytes: Malware.AI.3542577369
Ikarus: Trojan.Win32.Gimmiv
Panda: Trj/CI.A
TrendMicro-HouseCall: PUA.Win32.WINVNC.A