Summary | ZeroBOX

FissionBabyV242.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 30, 2024, 5:11 p.m.
Completed: Sept. 30, 2024, 5:13 p.m.
Size 5.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 884f0f7907c7a94130294f499bfc1775
SHA256 98391cb6d9531fbba60b324e13b15817c9ee52708aa095024e65b07442829933
CRC32 73035545
ssdeep 98304:+FtXMHvahWcBGQe/DVoBc61MUWzWgHsXrJM+/ahtL186B:AAvOBGQth1hWzxMX2A4tLe6B
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
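The ssdeep value in the summary above is the only hash on this page that supports similarity search rather than exact matching, so it is the value to carry into a hunt for related builds of this self-extractor. The block below is an added example, not part of the ZeroBOX report and not libfuzzy's own code: it re-implements ssdeep's comparison in pure Python so the report's hash can be scored against another sample's hash without the ssdeep library. The constants and the block-size matching rules follow libfuzzy's fuzzy_compare; the `variant` hash in the usage is a constructed, hand-edited copy of the report's hash, not a real second sample.

```python
"""Pure-Python re-implementation of ssdeep's fuzzy_compare (libfuzzy), added as an example."""
SPAMSUM_LENGTH = 64    # maximum length of each signature part
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7     # two parts must share a 7-character substring to score at all

# The sample's hash exactly as printed in this report
SAMPLE_SSDEEP = "98304:+FtXMHvahWcBGQe/DVoBc61MUWzWgHsXrJM+/ahtL186B:AAvOBGQth1hWzxMX2A4tLe6B"

def eliminate_sequences(s):
    """Collapse runs of more than three identical characters, as libfuzzy does before scoring."""
    out = s[:3]
    for i in range(3, len(s)):
        if not (s[i] == s[i - 1] == s[i - 2] == s[i - 3]):
            out += s[i]
    return out

def has_common_substring(a, b):
    if len(a) < ROLLING_WINDOW or len(b) < ROLLING_WINDOW:
        return False
    return any(a[i:i + ROLLING_WINDOW] in b for i in range(len(a) - ROLLING_WINDOW + 1))

def edit_distance(a, b):
    """Weighted Levenshtein distance used by libfuzzy: insert 1, delete 1, substitute 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]

def score_strings(a, b, block_size):
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH or not has_common_substring(a, b):
        return 0
    score = edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))   # integer steps, as in C
    score = 100 * score // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))   # small block sizes are capped

def parse_ssdeep(h):
    block, part1, rest = h.split(":", 2)
    part2 = rest.split(",", 1)[0]          # drop the optional ",filename" suffix
    return int(block), eliminate_sequences(part1), eliminate_sequences(part2)

def ssdeep_compare(h1, h2):
    """Similarity 0..100, following libfuzzy's block-size matching rules."""
    b1, s1_1, s1_2 = parse_ssdeep(h1)
    b2, s2_1, s2_2 = parse_ssdeep(h2)
    if b1 == b2:       # like with like; the second part was computed at twice the block size
        return max(score_strings(s1_1, s2_1, b1), score_strings(s1_2, s2_2, b1 * 2))
    if b1 == b2 * 2:   # our first part lines up with their second part
        return score_strings(s1_1, s2_2, b1)
    if b2 == b1 * 2:
        return score_strings(s1_2, s2_1, b2)
    return 0           # block sizes differ by more than a factor of two: not comparable

if __name__ == "__main__":
    # constructed variant: one character changed in the first part, one dropped from the second
    variant = "98304:+ZtXMHvahWcBGQe/DVoBc61MUWzWgHsXrJM+/ahtL186B:AAvOBGQth1hWzxMX2A4tLe6"
    print(ssdeep_compare(SAMPLE_SSDEEP, SAMPLE_SSDEEP), ssdeep_compare(SAMPLE_SSDEEP, variant))
```

Expect 100 against itself and 99 against the one-character variant; an unrelated hash scores 0, and hashes whose block sizes differ by more than a factor of two are never comparable, so this only finds files of broadly similar size to the 5.0 MB archive, not a re-packaged payload of a different size.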

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb (the build path of WinRAR's own 32-bit SFX module, sfxrar32: the file is a WinRAR self-extracting archive, so the static verdicts above describe the extractor stub and the RAR data appended after the PE, not an unpacked payload; extract the archive and read its SFX script before drawing conclusions)
API GlobalMemoryStatusEx, no arguments recorded: Status 1, Return 1, Repeated 0
section .didat
resource name PNG
Name | Language | Sublanguage | Filetype | Offset | Size
PNG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | 0x0006518c | 0x000015a9
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0x0006bea8 | 0x00003d71
RT_DIALOG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00070288 | 0x000001ce
RT_STRING | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00070b98 | 0x0000006a
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x00070c04 | 0x00000068
RT_MANIFEST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document, ASCII text, with CRLF line terminators | 0x00070c6c | 0x00000640
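The language and sublanguage columns above come from the language id stored at the third level of the PE resource directory (0x0804 for Chinese Simplified: primary language 0x04 in the low 10 bits, sublanguage 0x02 in the upper 6), and the filetype column from sniffing the resource bytes, which is how a PNG shows up inside an RT_ICON entry. The block below is an added example, not ZeroBOX's or pefile's code: it walks a resource directory with only the standard library, decodes the language id, sniffs the content, and lists non-English resource languages the way an origin-language check does. Because the sample is not on this page it builds a small synthetic .rsrc image as its input; the name tables are assumed subsets, and the offsets and sizes it prints are constructed and do not correspond to the table above.

```python
import struct

# Subsets of the Windows resource-type ids and language ids used in this report (assumption: enough here)
RT_NAMES = {3: "RT_ICON", 5: "RT_DIALOG", 6: "RT_STRING", 14: "RT_GROUP_ICON", 24: "RT_MANIFEST"}
PRIMARY_LANG = {0x00: "LANG_NEUTRAL", 0x04: "LANG_CHINESE", 0x09: "LANG_ENGLISH"}
SUBLANG = {(0x04, 0x01): "SUBLANG_CHINESE_TRADITIONAL", (0x04, 0x02): "SUBLANG_CHINESE_SIMPLIFIED",
           (0x09, 0x01): "SUBLANG_ENGLISH_US"}

def split_langid(lcid):
    """A language id packs the sublanguage (upper 6 bits) over the primary language (low 10 bits)."""
    return lcid & 0x3FF, lcid >> 10

def sniff(data):
    """Content guess from magic bytes, standing in for the 'filetype' column of the report."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "PNG image data"
    if data.lstrip().startswith(b"<?xml"):
        return "XML document"
    return "data"

def _read_name(blob, off):
    """IMAGE_RESOURCE_DIR_STRING_U: u16 character count followed by UTF-16LE text."""
    (count,) = struct.unpack_from("<H", blob, off)
    return blob[off + 2:off + 2 + 2 * count].decode("utf-16-le")

def walk_resources(blob, rsrc_rva, dir_off=0, path=()):
    """Walk the IMAGE_RESOURCE_DIRECTORY tree (type -> id -> language) and yield its leaves."""
    named, ids = struct.unpack_from("<HH", blob, dir_off + 12)   # NumberOfNamedEntries, NumberOfIdEntries
    for i in range(named + ids):
        name, off = struct.unpack_from("<II", blob, dir_off + 16 + 8 * i)
        key = _read_name(blob, name & 0x7FFFFFFF) if name & 0x80000000 else name
        if off & 0x80000000:           # high bit set: the entry points at a subdirectory
            yield from walk_resources(blob, rsrc_rva, off & 0x7FFFFFFF, path + (key,))
        else:                          # otherwise at an IMAGE_RESOURCE_DATA_ENTRY (RVA, size, codepage, reserved)
            rva, size, _codepage, _reserved = struct.unpack_from("<IIII", blob, off)
            start = rva - rsrc_rva     # the data RVA is image-relative, not .rsrc-relative
            yield path + (key,), start, size, blob[start:start + size]

def describe_resources(blob, rsrc_rva):
    rows = []
    for (rtype, _rid, lang), start, size, data in walk_resources(blob, rsrc_rva):
        primary, sub = split_langid(lang)
        rows.append({"name": rtype if isinstance(rtype, str) else RT_NAMES.get(rtype, "#%d" % rtype),
                     "language": PRIMARY_LANG.get(primary, "0x%02x" % primary),
                     "sublanguage": SUBLANG.get((primary, sub), "0x%02x" % sub),
                     "offset": start, "size": size, "filetype": sniff(data)})
    return rows

def non_english_languages(rows):
    """Origin-language style check: resource languages that are neither neutral nor English."""
    return sorted({r["language"] for r in rows if r["language"] not in ("LANG_NEUTRAL", "LANG_ENGLISH")})

# --- Constructed input: a synthetic .rsrc image built from a {type: {id: {langid: bytes}}} tree ---
def _build_dir(buf, node, rsrc_rva):
    named = [k for k in node if isinstance(k, str)]       # named entries precede id entries in a directory
    ids = sorted(k for k in node if isinstance(k, int))
    base = len(buf)
    buf += struct.pack("<IIHHHH", 0, 0, 0, 0, len(named), len(ids))
    entries = len(buf)
    buf += bytes(8 * (len(named) + len(ids)))               # entry slots, patched below
    for i, key in enumerate(named + ids):
        child = node[key]
        if isinstance(key, str):
            name_field = 0x80000000 | len(buf)
            buf += struct.pack("<H", len(key)) + key.encode("utf-16-le")
        else:
            name_field = key
        if isinstance(child, dict):
            off_field = 0x80000000 | _build_dir(buf, child, rsrc_rva)
        else:
            off_field = len(buf)
            buf += bytes(16)
            struct.pack_into("<IIII", buf, off_field, rsrc_rva + len(buf), len(child), 0, 0)
            buf += child
        struct.pack_into("<II", buf, entries + 8 * i, name_field, off_field)
    return base

def build_rsrc(tree, rsrc_rva):
    buf = bytearray()
    _build_dir(buf, tree, rsrc_rva)
    return bytes(buf)

PNG_STUB = b"\x89PNG\r\n\x1a\n" + bytes(16)   # constructed: PNG signature only, not a real image
MANIFEST = b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n<assembly/>\r\n'
RSRC_RVA = 0x64000                             # the .rsrc virtual address reported for this sample
SAMPLE_TREE = {"PNG": {1: {0x0804: PNG_STUB}},  # named type "PNG", as in the report
               3: {1: {0x0804: PNG_STUB}},      # RT_ICON; 256x256 icons are stored PNG-compressed
               24: {1: {0x0804: MANIFEST}}}     # RT_MANIFEST

if __name__ == "__main__":
    for row in describe_resources(build_rsrc(SAMPLE_TREE, RSRC_RVA), RSRC_RVA):
        print(row)
```

On a real file, feed `walk_resources` the bytes of the .rsrc section and that section's virtual address (0x00064000 here, from the entropy line below); each leaf's RVA is converted to an offset inside the section by subtracting that value, which is why the function needs it.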
API NtProtectVirtualMemory: Status 1, Return 0 (NTSTATUS 0, STATUS_SUCCESS), Repeated 0
  process_identifier: 884
  process_handle: 0xffffffff
  base_address: 0x7ef90000
  length: 4096
  protection: 32 (PAGE_EXECUTE_READ)
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
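The call above is the one behavioural mark on this page: a 4 KiB region in the sample's own process (0xffffffff is the GetCurrentProcess() pseudo-handle in a 32-bit process) is set to PAGE_EXECUTE_READ (0x20), and the monitor's heap_dep_bypass flag records that the region is heap memory rather than an image section, which is what a DEP bypass looks like from the API side. The block below is an added example, not ZeroBOX's or the Cuckoo monitor's code: it decodes the protection constant and applies a small triage rule to call records shaped like the one above. The two records it runs over are constructed, the first mirroring the report's call and the second a benign control.

```python
# PAGE_* memory protection constants from <winnt.h>
PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY = 0x01, 0x02, 0x04, 0x08
PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x10, 0x20, 0x40, 0x80
PAGE_GUARD, PAGE_NOCACHE, PAGE_WRITECOMBINE = 0x100, 0x200, 0x400
EXECUTE_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITABLE_EXECUTE = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
BASE_NAMES = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
              0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
              0x80: "PAGE_EXECUTE_WRITECOPY"}
MODIFIERS = ((PAGE_GUARD, "PAGE_GUARD"), (PAGE_NOCACHE, "PAGE_NOCACHE"), (PAGE_WRITECOMBINE, "PAGE_WRITECOMBINE"))
CURRENT_PROCESS = 0xFFFFFFFF   # GetCurrentProcess() pseudo-handle as seen in a 32-bit process

def protection_name(prot):
    """Render a protection value the way the report does, e.g. 0x20 -> PAGE_EXECUTE_READ."""
    base = BASE_NAMES.get(prot & 0xFF, "0x%x" % (prot & 0xFF))
    return "|".join([base] + [name for bit, name in MODIFIERS if prot & bit])

def triage_protect_call(call):
    """Reasons an NtProtectVirtualMemory record deserves attention (empty list: nothing notable)."""
    reasons = []
    prot = call["protection"]
    if prot & EXECUTE_MASK:
        if call.get("heap_dep_bypass"):
            reasons.append("heap memory made executable (%s)" % protection_name(prot))
        if call.get("stack_dep_bypass"):
            reasons.append("stack memory made executable (%s)" % protection_name(prot))
        if prot & WRITABLE_EXECUTE:
            reasons.append("region is writable and executable at once")
    if call.get("stack_pivoted"):
        reasons.append("caller's stack pointer is outside the thread stack (pivot)")
    if call["process_handle"] != CURRENT_PROCESS:
        reasons.append("protection changed in another process via handle 0x%x" % call["process_handle"])
    return reasons

def triage(calls):
    """Run the rule over a call list and keep only the flagged NtProtectVirtualMemory records."""
    hits = []
    for call in calls:
        if call["api"] != "NtProtectVirtualMemory":
            continue
        reasons = triage_protect_call(call)
        if reasons:
            hits.append((call["process_identifier"], call["base_address"], call["length"], reasons))
    return hits

# Constructed records: the first mirrors the call in this report, the second is a benign-looking control
CALLS = [
    dict(api="NtProtectVirtualMemory", process_identifier=884, process_handle=0xFFFFFFFF, base_address=0x7EF90000,
         length=4096, protection=0x20, stack_dep_bypass=0, stack_pivoted=0, heap_dep_bypass=1),
    dict(api="NtProtectVirtualMemory", process_identifier=884, process_handle=0xFFFFFFFF, base_address=0x00401000,
         length=4096, protection=0x04, stack_dep_bypass=0, stack_pivoted=0, heap_dep_bypass=0),
]

if __name__ == "__main__":
    for pid, base, length, reasons in triage(CALLS):
        print("pid %d base 0x%08x len %d: %s" % (pid, base, length, "; ".join(reasons)))
```

One hit of this shape on its own is weak evidence: loaders, JIT runtimes and some packers also make heap pages executable, so it earns weight from what was written to the page before the call and from what runs there afterwards, neither of which this report records.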
section .rsrc: virtual_address 0x00064000, virtual_size 0x0000d2ac, size_of_data 0x0000d400, entropy 6.853213228671951. Description: A section with a high entropy has been found
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.tc
ALYac Trojan.GenericKD.74146485
Cylance Unsafe
VIPRE Trojan.GenericKD.74146485
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Trojan.GenericKD.74146485
K7GW Adware ( 005693e61 )
K7AntiVirus Adware ( 005693e61 )
Arcabit Trojan.Generic.D46B62B5
Symantec Trojan.Gen.MBT
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Agent.BE potentially unwanted
APEX Malicious
Avast Win32:AdwareX-gen [Adw]
ClamAV Win.Packed.Zusy-10014517-0
MicroWorld-eScan Trojan.GenericKD.74146485
Rising PUA.Agent!8.1B6B (CLOUD)
Emsisoft Trojan.GenericKD.74146485 (B)
McAfeeD ti!98391CB6D953
CTX exe.trojan.generic
Sophos Generic Reputation PUA (PUA)
FireEye Generic.mg.884f0f7907c7a941
Google Detected
Antiy-AVL GrayWare/Win32.Agent
Gridinsoft Trojan.Win32.Agent.sa
Microsoft Program:Win32/Wacapew.C!ml
GData Win32.Application.Agent.IJO27L
Varist W32/ABApplication.HBWO-7525
McAfee Artemis!884F0F7907C7
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1528204175
Ikarus PUA.Agent
TrendMicro-HouseCall TROJ_GEN.R002H09IM24
Fortinet Riskware/Agent
AVG Win32:AdwareX-gen [Adw]
Paloalto generic.ml
alibabacloud Trojan:Win/Caynamer.A9nj