Summary | ZeroBOX

AAct.exe

Tags: PhysicalDrive, Generic Malware, Malicious Library, Downloader, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: Sept. 30, 2024, 11:25 a.m.
Completed: Sept. 30, 2024, 11:49 a.m.
Size 695.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ab4bef832c6437ff9cb2be8d43f2bc74
SHA256 d024ddad98eba09880ebac8736ccc81c693553b0e9ea9a83de2d77c34e620112
CRC32 76E0B805
ssdeep 12288:Z+fibzOhKcs2LzWbaCczOXDONT0DmqRghEsuvBcyRJPhr:Z+fibbmxzOXCT0Jcyvhr
Yara
  • PhysicalDrive_20181001 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavior (Time & API / Arguments / Status / Return / Repeated)

IsDebuggerPresent
  Arguments: (none)
  Status / Return / Repeated: 0 0

GlobalMemoryStatusEx
  Arguments: (none)
  Status: 1  Return: 1  Repeated: 0

section: .code
packer: PureBasic 4.x -> Neil Hodgson

NtProtectVirtualMemory
  process_identifier: 2552
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x72bc2000
  process_handle: 0xffffffff (the GetCurrentProcess() pseudo-handle, so the sample is changing the protection of its own memory)
  Status: 1  Return: 0 (STATUS_SUCCESS)  Repeated: 0
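A triage helper for the NtProtectVirtualMemory entry above, added here as an example; it is not ZeroBOX code and not part of the AAct sample. It decodes the PAGE_* protection value and keeps only successful protection changes that leave the calling process's own memory writable and executable. The ApiCall record layout and the SAMPLE_CALLS list are constructed for the example; only the first sample call reproduces values shown in this report.

```python
"""Flag writable+executable memory protection changes in Cuckoo/ZeroBOX-style
API call records.

Added example for the NtProtectVirtualMemory entry in this report; it is not
ZeroBOX code or AAct code. The ApiCall record layout and SAMPLE_CALLS are
constructed here, mirroring the report's argument labels; only the first
sample call reproduces values actually shown on the page.
"""
from dataclasses import dataclass, field

# Memory protection constants from winnt.h. The low byte selects one base
# protection; PAGE_GUARD / PAGE_NOCACHE / PAGE_WRITECOMBINE are OR'ed modifiers.
PAGE_BASE = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {
    0x100: "PAGE_GUARD",
    0x200: "PAGE_NOCACHE",
    0x400: "PAGE_WRITECOMBINE",
}
WRITABLE_EXECUTABLE = {0x40, 0x80}

# GetCurrentProcess() returns the pseudo-handle -1, logged as 0xffffffff on a
# 32-bit target; it means the caller is changing its own address space.
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF


def decode_protection(value: int) -> list:
    """Map a PAGE_* value to symbolic names, e.g. 64 -> ['PAGE_EXECUTE_READWRITE']."""
    base = value & 0xFF
    names = [PAGE_BASE.get(base, f"0x{base:02x}")]
    names += [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return names


@dataclass
class ApiCall:
    api: str
    args: dict = field(default_factory=dict)
    ret: int = 0  # NTSTATUS for Nt* APIs, BOOL for the Win32 wrappers


def succeeded(call: ApiCall) -> bool:
    """Nt* routines return NTSTATUS (0 == STATUS_SUCCESS); VirtualProtect[Ex] return a BOOL."""
    return call.ret == 0 if call.api.startswith("Nt") else call.ret != 0


def find_self_rwx(calls) -> list:
    """Return successful protection changes that leave the caller's own memory W+X.

    Changes made through a real handle to another process are a different
    signal (process injection) and are deliberately left out here.
    """
    hits = []
    for call in calls:
        if call.api not in ("NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"):
            continue
        # VirtualProtect has no process_handle argument: it always targets the caller.
        handle = call.args.get("process_handle", CURRENT_PROCESS_PSEUDO_HANDLE)
        if handle != CURRENT_PROCESS_PSEUDO_HANDLE:
            continue
        if (call.args.get("protection", 0) & 0xFF) in WRITABLE_EXECUTABLE and succeeded(call):
            hits.append(call)
    return hits


# Constructed records. The first mirrors the call logged in this report; the
# others are made up to show what the filter leaves out.
SAMPLE_CALLS = [
    ApiCall("NtProtectVirtualMemory", {"process_identifier": 2552, "length": 4096,
            "protection": 64, "base_address": 0x72BC2000,
            "process_handle": 0xFFFFFFFF}, ret=0),
    ApiCall("NtProtectVirtualMemory", {"process_identifier": 2552, "length": 4096,
            "protection": 4, "base_address": 0x00400000,
            "process_handle": 0xFFFFFFFF}, ret=0),          # PAGE_READWRITE only
    ApiCall("NtProtectVirtualMemory", {"process_identifier": 2552, "length": 4096,
            "protection": 64, "base_address": 0x00410000,
            "process_handle": 0xFFFFFFFF}, ret=0xC0000045),  # STATUS_INVALID_PAGE_PROTECTION
    ApiCall("NtProtectVirtualMemory", {"process_identifier": 1234, "length": 4096,
            "protection": 64, "base_address": 0x00500000,
            "process_handle": 0x1A4}, ret=0),               # another process's memory
]


def summarize(calls=SAMPLE_CALLS) -> list:
    """One line per hit, in the order the calls were logged."""
    return [f"{c.api} pid={c.args['process_identifier']} base=0x{c.args['base_address']:08x} "
            f"len={c.args['length']} -> {'|'.join(decode_protection(c.args['protection']))}"
            for c in find_self_rwx(calls)]


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

On the report's own call the filter fires once (pid 2552, base 0x72bc2000, 4096 bytes made PAGE_EXECUTE_READWRITE); the benign PAGE_READWRITE change, the failed call and the change to a foreign process are dropped. Feed real records in by building ApiCall objects from the sandbox's behavior JSON, keeping the argument names as the sandbox logs them.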
Antivirus Result
Lionic Hacktool.Win64.KMSAuto.3!c
Cynet Malicious (score: 100)
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Ursu.847344
Cylance Unsafe
VIPRE Gen:Variant.Ursu.847344
Sangfor Hacktool.Win32.KMSAuto.Vwmx
CrowdStrike win/grayware_confidence_100% (W)
BitDefender Gen:Variant.Ursu.847344
K7GW Unwanted-Program ( 00586daf1 )
K7AntiVirus Unwanted-Program ( 00586daf1 )
Arcabit Trojan.Ursu.DCEDF0
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/HackTool.WinActivator.AF potentially unsafe
APEX Malicious
Avast Win32:MiscX-gen [PUP]
ClamAV Win.Tool.KmsActivator-9917428-0
MicroWorld-eScan Gen:Variant.Ursu.847344
Rising Malware.Undefined!8.C (C64:YzY0OoRL4eSjaWHg)
Emsisoft Gen:Variant.Ursu.847344 (B)
Zillya Tool.WinActivator.Win32.972
TrendMicro PUA.Win32.AutoKMS.CRCEPJ
McAfeeD Real Protect-LS!AB4BEF832C64
CTX exe.trojan.kmsauto
Sophos Troj/ProcInj-AF
FireEye Generic.mg.ab4bef832c6437ff
Jiangmin HackTool.KMSAuto.yp
Webroot W32.Trojan.Gen
Google Detected
Antiy-AVL Trojan/Win32.BTSGeneric
Gridinsoft Hack.Win32.KMS.vl!c
Xcitium ApplicUnwnt@#1rdndw9vayrix
Microsoft HackTool:Win32/AutoKMS
GData Gen:Variant.Ursu.847344
AhnLab-V3 HackTool/Win32.Activator.C1521067
McAfee GenericRXAA-FA!AB4BEF832C64
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Ikarus HackTool.AutoKMS
Panda Trj/CI.A
TrendMicro-HouseCall PUA.Win32.AutoKMS.CRCEPJ
Tencent Hacktool.Win64.Kmsauto.16000428
Yandex Trojan.GenAsa!l6yVkIPY7Qo
Fortinet W32/Generic_PUA_EB!tr
AVG Win32:MiscX-gen [PUP]