Summary | ZeroBOX
Gen1 Generic Malware Malicious Library Malicious Packer PE64 dll PE File DLL DllRegisterServer
Category Machine Started Completed
ARCHIVE s1_win7_x6403_us Oct. 14, 2024, 10:56 a.m. Oct. 14, 2024, 10:57 a.m.

Archive SSidadm/nlhtml.dll @ v.1.7.2_x64__install__.zip

Summary

Size 190.5KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 5a968a83780406c060335be361e0ea99
SHA1 c7ec1d45372f648657ed041b6c1c410e41117489
SHA256 f41032bfb7ef0b2a228c46b30b40b28e9cbd7dc19879b1996e1d71f2a5782eec
SHA512
4c22eec1c6769f855bce87533ccd56c59d0ecc7e700cfe3b23526ff891fb855158725afb754aa1b6fcd831c22f7fbe9842b2d85e1a9be33ed0753e3a2aba2cec
CRC32 8691A955
ssdeep 3072:fhcc2FnM4s0Kq6JiOu5jDTRy7P+uzPQjGkS0S09AUFXcvbxp:ZcW4pKm5rRy7PRLQj3SGVFsvF
PDB Path nlhtml.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS