popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

swf.exe

Emotet Gen1 Generic Malware Malicious Library Confuser .NET UPX Admin Tool (Sysinternals etc ...) dll PE64 MZP Format PE File OS Processor Check PE32 DLL DllRegisterServer
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 15, 2024, 2:17 p.m. Oct. 15, 2024, 2:22 p.m.
Size 4.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c02569d1105aa9135737cf3c1052e9dc
SHA256 5dfba42ad0a0f331b9e08013ba5815a527f8dd01e0703a75a6a77028ede45756
CRC32 CA1CCA73
ssdeep 98304:uayhREQVam9d4DgkTz6ALYvqGUaOnA1u6DfBYi3U7RI6da0K9amv+Bj:YnBV3fOngzb28xklj
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
section CODE
section DATA
section BSS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
is-ecele+0x40722 @ 0x440722
is-ecele+0x42567 @ 0x442567
is-ecele+0x47bd4 @ 0x447bd4
is-ecele+0x3db35 @ 0x43db35
is-ecele+0x3ca6b @ 0x43ca6b
is-ecele+0x8862c @ 0x48862c
is-ecele+0x7607a @ 0x47607a
is-ecele+0x8c22d @ 0x48c22d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00
exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea
exception.instruction: mov eax, dword ptr [esi]
exception.module: mpr.dll
exception.exception_code: 0xc0000005
exception.offset: 11754
exception.address: 0x74402dea
registers.esp: 1637616
registers.edi: 30417012
registers.eax: 1637644
registers.ebp: 1637660
registers.edx: 1014
registers.ebx: 0
registers.esi: 1014
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
is-ecele+0x40722 @ 0x440722
is-ecele+0x42567 @ 0x442567
is-ecele+0x47bd4 @ 0x447bd4
is-ecele+0x3db35 @ 0x43db35
is-ecele+0x3ca6b @ 0x43ca6b
is-ecele+0x8862c @ 0x48862c
is-ecele+0x7607a @ 0x47607a
is-ecele+0x8c22d @ 0x48c22d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00
exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea
exception.instruction: mov eax, dword ptr [esi]
exception.module: mpr.dll
exception.exception_code: 0xc0000005
exception.offset: 11754
exception.address: 0x74402dea
registers.esp: 1637616
registers.edi: 30417648
registers.eax: 1637644
registers.ebp: 1637660
registers.edx: 44
registers.ebx: 0
registers.esi: 44
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
is-ecele+0x3d65a @ 0x43d65a
is-ecele+0x3ca6b @ 0x43ca6b
is-ecele+0x8862c @ 0x48862c
is-ecele+0x7607a @ 0x47607a
is-ecele+0x8c22d @ 0x48c22d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b
exception.symbol: is-ecele+0x3a94f
exception.instruction: div dword ptr [edi]
exception.module: is-ECELE.tmp
exception.exception_code: 0xc0000094
exception.offset: 239951
exception.address: 0x43a94f
registers.esp: 1637788
registers.edi: 30412988
registers.eax: 26503677
registers.ebp: 1637868
registers.edx: 0
registers.ebx: 1
registers.esi: 30412980
registers.ecx: 30412988
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 20480
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0040e000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dc0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\is-UAHMT.tmp\_isetup\_iscrypt.dll
file C:\Users\test22\AppData\Local\Temp\is-UAHMT.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Glass Video Converter\glassvc3264.exe
file C:\Users\test22\AppData\Local\Temp\is-UAHMT.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\is-UAHMT.tmp\_isetup\_RegDLL.tmp
file C:\Users\test22\AppData\Local\Temp\is-UAHMT.tmp\_isetup\_iscrypt.dll
file C:\Users\test22\AppData\Local\Temp\is-K314A.tmp\is-ECELE.tmp
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000008
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000008
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0
file C:\Users\test22\AppData\Local\Temp\is-K314A.tmp\is-ECELE.tmp
Bkav W32.AIDetectMalware
Cynet Malicious (score: 99)
VIPRE Gen:Heur.Munp.1
BitDefender Gen:Heur.Munp.1
Arcabit Trojan.Munp.1
Elastic malicious (high confidence)
ESET-NOD32 multiple detections
APEX Malicious
Kaspersky VHO:Trojan.Win32.Ekstak.aytqu
MicroWorld-eScan Gen:Heur.Munp.1
Emsisoft Gen:Heur.Munp.1 (B)
F-Secure Heuristic.HEUR/AGEN.1372994
CTX exe.unknown.munp
FireEye Gen:Heur.Munp.1
Avira HEUR/AGEN.1372994
ZoneAlarm VHO:Trojan.Win32.Ekstak.aytqu
GData Gen:Heur.Munp.1
huorong HEUR:TrojanDropper/Agent.t