Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 20, 2024, 9:17 a.m.	Oct. 20, 2024, 9:32 a.m.

Size	112.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fadf16a672e4f4af21b0e364a56897c3`
SHA256	`21314041b5b17d156a68d246935ab476d3532a1c9c72a39b02d98a6b7ef59473`
CRC32	`13A0B64A`
ssdeep	`3072:aixRaX6raoCoCyz6/mqv1JR+yBtGOeheWginJq:laZ1tme+1win4`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format

onetap.exe "C:\Users\test22\AppData\Local\Temp\onetap.exe"
2560

Name	Response	Post-Analysis Lookup
pinlateofficial.xyz

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Oct. 20, 2024, 9:17 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 20, 2024, 9:17 a.m.	computer_name: TEST22-PC	1	1	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 20, 2024, 9:17 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

File has been identified by 66 AntiVirus engines on VirusTotal as malicious (50 out of 66 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Lmir.laiL
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.PWS.Delf.INS
CAT-QuickHeal	Ransom.MazeIH.S12879142
Skyhigh	Trojan-FSEP!FADF16A672E4
ALYac	Trojan.PWS.Delf.INS
Cylance	Unsafe
VIPRE	Trojan.PWS.Delf.INS
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.PWS.Delf.INS
K7GW	Password-Stealer ( 0052f96e1 )
K7AntiVirus	Password-Stealer ( 0052f96e1 )
Arcabit	Trojan.PWS.Delf.INS
VirIT	Trojan.Win32.GenusT.EFVL
Symantec	Infostealer.Rultazo
Elastic	Windows.Trojan.Azorult
ESET-NOD32	Win32/PSW.Delf.OSF
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Spy.Win32.Stealer.gen
Alibaba	TrojanSpy:Win32/Stealer.fb81643a
NANO-Antivirus	Trojan.Win32.Stealer.fitdqk
Rising	Stealer.AZORult!1.B7AE (CLASSIC)
Emsisoft	Trojan.PWS.Delf.INS (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.PWS.Stealer.24814
Zillya	Trojan.Azorult.Win32.4
TrendMicro	TrojanSpy.Win32.COINSTEAL.SMPIS
McAfeeD	Real Protect-LS!FADF16A672E4
Trapmine	malicious.high.ml.score
CTX	exe.trojan.stealer
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
FireEye	Generic.mg.fadf16a672e4f4af
Jiangmin	Trojan.PSW.Azorult.pr
Webroot	W32.Adware.Gen
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan[Ransom]/Win32.Blocker
Kingsoft	Win32.Trojan-Spy.Stealer.gen
Gridinsoft	Ransom.Win32.Blocker.vb!s1
Xcitium	Malware@#11ds6r2r544p2
Microsoft	Trojan:Win32/Stimilina
ViRobot	Trojan.Win32.Z.Delf.115200.KH
ZoneAlarm	HEUR:Trojan-Spy.Win32.Stealer.gen
GData	Win32.Trojan-Stealer.KBot.B
Varist	W32/Delf_Troj.D.gen!Eldorado

onetap.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All