Summary | ZeroBOX

update.exe

Tags
  • Downloader
  • Admin Tool (Sysinternals etc ...)
  • UPX
  • MSOffice File
  • PE File
  • PE32
Category FILE
Machine s1_win7_x6401
Started Oct. 15, 2024, 2:20 p.m.
Completed Oct. 15, 2024, 2:33 p.m.
Size 148.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 340efe524c957a5c254f567c30b14b7d
SHA256 1d8ad7a7f0b07b83f26162edda497eedc59071b880f379d0d382e174ec83c6af
CRC32 C1128E5D
ssdeep 3072:aku32+azLpGGADxtpfgVsoHdBPYGG121RjF7GDzYlRg1+7nku32+azLpGGADxtpC:akuG+apADxjfgZox21RjF7G8lg+jkuG5
Yara
  • Network_Downloader - File Downloader
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address 45.32.92.201
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

GlobalMemoryStatusEx

status: 1
return: 1
repeated: 0
NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73451000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73371000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732e1000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72e04000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73372000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bd1000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

Resource
name: RT_VERSION
language: LANG_CHINESE
sublanguage: SUBLANG_CHINESE_SIMPLIFIED
filetype: data
offset: 0x000140f0
size: 0x00000204

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x023b0000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

host 45.32.92.201
Bkav W32.Common.9169E44C
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
ALYac Trojan.GenericKD.73844191
Cylance Unsafe
VIPRE Trojan.GenericKD.73844191
Sangfor Downloader.Win32.Agent.V7u2
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.73844191
K7GW Trojan-Downloader ( 005b92441 )
K7AntiVirus Trojan-Downloader ( 005b92441 )
Arcabit Trojan.Generic.D466C5DF
VirIT Trojan.Win32.VBGenus.HCW
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/TrojanDownloader.VB.RVD
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
NANO-Antivirus Trojan.Win32.VB.kqsyqz
MicroWorld-eScan Trojan.GenericKD.73844191
Rising Downloader.VB!8.1EB (CLOUD)
Emsisoft Trojan.GenericKD.73844191 (B)
F-Secure Trojan.TR/VB.Downloader.Gen
McAfeeD ti!1D8AD7A7F0B0
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.340efe524c957a5c
Webroot W32.Trojan.GenKD
Google Detected
Avira TR/VB.Downloader.Gen
Antiy-AVL Trojan/Win32.Agent
Kingsoft malware.kb.a.855
Microsoft Trojan:Win32/Phonzy.A!ml
GData Trojan.GenericKD.73844191
Varist W32/Trojan.CSVN-7817
AhnLab-V3 Trojan/Win.Phonzy.C5659817
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Ikarus Trojan.VB.Downloader
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R03BH09FT24
Tencent Malware.Win32.Gencirc.1418f5d3
huorong Trojan/Generic!1853AD45E108A4CF
MaxSecure Trojan.Malware.274032410.susgen
Fortinet PossibleThreat.PALLAS.H
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Suspicious