Summary | ZeroBOX

fgdump.exe

Tags Generic Malware, Malicious Library, UPX, PE64, PE File, DLL, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started Oct. 20, 2024, 9:10 a.m.
Completed Oct. 20, 2024, 10:11 a.m.
Size 952.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 0762764e298c369a2de8afaec5174ed9
SHA256 a6cad2d0f8dc05246846d2a9618fc93b7d97681331d5826f8353e7c3a3206e86
CRC32 FAC7A561
ssdeep 12288:ED7lxIXgij3qi3MAxGQ3BdOukFfY+F1ldsui3hBTo:EEXjj3qgPGQ3BVkpY+F1ldsui37To
PDB Path c:\source\fgdump\Release\fgdump.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name, Response, Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address, Status, Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (columns: Time, API, Arguments, Status, Return, Repeated)

WriteConsoleA
buffer: fgDump 2.1.0 - fizzgig and the mighty group at foofus.net
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: Written to make j0m0kun's life just a bit easier
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: Copyright(C) 2008 fizzgig and foofus.net
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: fgdump comes with ABSOLUTELY NO WARRANTY!
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: This is free software, and you are welcome to redistribute it
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: under certain conditions; see the COPYING and README files for
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: more information.
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: No parameters specified, doing a local dump. Specify -? if you are looking for help.
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: --- Session ID: 2024-10-20-00-50-41 ---
console_handle: 0x00000007
status: 1, return: 1, repeated: 0

WriteConsoleA
buffer: Starting dump on 127.0.0.1
console_handle: 0x00000007
status: 1, return: 1, repeated: 0
pdb_path c:\source\fgdump\Release\fgdump.pdb
resource name BIN
file C:\Users\test22\AppData\Local\Temp\lsremora64.dll
file C:\Users\test22\AppData\Local\Temp\servpw64.exe
file C:\Users\test22\AppData\Local\Temp\lsremora.dll
file C:\Users\test22\AppData\Local\Temp\cachedump.exe
file C:\Users\test22\AppData\Local\Temp\pstgdump.exe
file C:\Users\test22\AppData\Local\Temp\servpw.exe
file C:\Users\test22\AppData\Local\Temp\cachedump64.exe
file C:\Users\test22\AppData\Local\Temp\pwdump.exe
file C:\Users\test22\AppData\Local\Temp\fgexec.exe
API calls (columns: Time, API, Arguments, Status, Return, Repeated)

CreateServiceA
service_start_name:
start_type: 3
password:
display_name: {5AD1616E-CED3-4AB3-8EE0-EC4C2FF10EA0}
filepath: C:\Users\test22\AppData\Local\Temp\servpw64.exe
service_name: ppwowk
filepath_r: C:\Users\test22\AppData\Local\Temp\servpw64.exe
desired_access: 983551
service_handle: 0x0029ff40
error_control: 0
service_type: 16
service_manager_handle: 0x0029ffe0
status: 1, return: 2752320, repeated: 0

CreateServiceA
service_start_name:
start_type: 3
password:
display_name: CacheDump
filepath: C:\Users\test22\AppData\Local\Temp\"C:\Users\test22\AppData\Local\Temp\cachedump64.exe" -s
service_name: CacheDump
filepath_r: "C:\Users\test22\AppData\Local\Temp\cachedump64.exe" -s
desired_access: 983551
service_handle: 0x0052f5e8
error_control: 0
service_type: 16
service_manager_handle: 0x0052f688
status: 1, return: 5436904, repeated: 0
file C:\Users\test22\AppData\Local\Temp\pwdump.exe
file C:\Users\test22\AppData\Local\Temp\servpw.exe
file C:\Users\test22\AppData\Local\Temp\pstgdump.exe
file C:\Users\test22\AppData\Local\Temp\lsremora.dll
file C:\Users\test22\AppData\Local\Temp\cachedump.exe
file C:\Users\test22\AppData\Local\Temp\fgexec.exe
file C:\Users\test22\AppData\Local\Temp\pwdump.exe
file C:\Users\test22\AppData\Local\Temp\pstgdump.exe
file C:\Users\test22\AppData\Local\Temp\servpw64.exe
file C:\Users\test22\AppData\Local\Temp\lsremora.dll
file C:\Users\test22\AppData\Local\Temp\pwdump.exe