popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

stail.exe

Emotet Gen1 Generic Malware Malicious Library Confuser .NET UPX Admin Tool (Sysinternals etc ...) dll PE64 MZP Format PE File OS Processor Check PE32 DLL DllRegisterServer
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 15, 2024, 2:18 p.m. Oct. 15, 2024, 2:22 p.m.
Size 4.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c098830ac7a7e0ea481dba5c2d7e4f92
SHA256 b41a9ce2a1df8b96a0f1cbd95a54f55e6820867141df087c50e4d745e8b8f051
CRC32 BE48CB3F
ssdeep 98304:xdStiRX9/A3OW721x5BX56qNC/Bp1wibpmB9:DRRXlA3ON1DBX56Rv1wibpmB9
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section CODE
section DATA
section BSS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
is-k7769+0x40722 @ 0x440722
is-k7769+0x42567 @ 0x442567
is-k7769+0x47bd4 @ 0x447bd4
is-k7769+0x3db35 @ 0x43db35
is-k7769+0x3ca6b @ 0x43ca6b
is-k7769+0x884b0 @ 0x4884b0
is-k7769+0x75f02 @ 0x475f02
is-k7769+0x8c071 @ 0x48c071
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00
exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea
exception.instruction: mov eax, dword ptr [esi]
exception.module: mpr.dll
exception.exception_code: 0xc0000005
exception.offset: 11754
exception.address: 0x74162dea
registers.esp: 1637616
registers.edi: 5193208
registers.eax: 1637644
registers.ebp: 1637660
registers.edx: 1014
registers.ebx: 0
registers.esi: 1014
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
is-k7769+0x40722 @ 0x440722
is-k7769+0x42567 @ 0x442567
is-k7769+0x47bd4 @ 0x447bd4
is-k7769+0x3db35 @ 0x43db35
is-k7769+0x3ca6b @ 0x43ca6b
is-k7769+0x884b0 @ 0x4884b0
is-k7769+0x75f02 @ 0x475f02
is-k7769+0x8c071 @ 0x48c071
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00
exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea
exception.instruction: mov eax, dword ptr [esi]
exception.module: mpr.dll
exception.exception_code: 0xc0000005
exception.offset: 11754
exception.address: 0x74162dea
registers.esp: 1637616
registers.edi: 5193688
registers.eax: 1637644
registers.ebp: 1637660
registers.edx: 44
registers.ebx: 0
registers.esi: 44
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
is-k7769+0x3d65a @ 0x43d65a
is-k7769+0x3ca6b @ 0x43ca6b
is-k7769+0x884b0 @ 0x4884b0
is-k7769+0x75f02 @ 0x475f02
is-k7769+0x8c071 @ 0x48c071
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b
exception.symbol: is-k7769+0x3a94f
exception.instruction: div dword ptr [edi]
exception.module: is-K7769.tmp
exception.exception_code: 0xc0000094
exception.offset: 239951
exception.address: 0x43a94f
registers.esp: 1637788
registers.edi: 5053764
registers.eax: 9651686
registers.ebp: 1637868
registers.edx: 0
registers.ebx: 1
registers.esi: 5053756
registers.ecx: 5053764
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 20480
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0040e000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2616
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\is-EGQGV.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\is-EGQGV.tmp\_isetup\_iscrypt.dll
file C:\Users\test22\AppData\Local\Glass Video Converter\glassvideoconverter.exe
file C:\Users\test22\AppData\Local\Temp\is-EGQGV.tmp\_isetup\_RegDLL.tmp
file C:\Users\test22\AppData\Local\Temp\is-MQPQV.tmp\is-K7769.tmp
file C:\Users\test22\AppData\Local\Temp\is-EGQGV.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\is-EGQGV.tmp\_isetup\_iscrypt.dll
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000008
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000008
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Glass Video Converter_is1
2 0