popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

file.exe

Emotet Gen1 Malicious Library UPX Malicious Packer PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 21, 2024, 2:28 p.m. Oct. 21, 2024, 2:31 p.m.
Size 382.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0ef3890b051c62c04435a5ab8cb15ec2
SHA256 b9ce680718abab18162d7358dd9717276d4d77674f699aac9f7dfc3dc2e9115b
CRC32 43BB2BBD
ssdeep 6144:N3GXaEkS6acHhDbYIur4J4Zn4HSMz6gCz3FGIcAolpgVHMe4IuKKew8O/CTq:N4aW4uMz6DwAUOVHMe4938C
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:56613 -> 8.8.8.8:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic

Suricata TLS

No Suricata TLS

domain wloppyload.top description Generic top level domain TLD
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1984
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00620000
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0005eec8 size 0x00000128
name RT_ICON language LANG_CHINESE filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0005eec8 size 0x00000128
name RT_RCDATA language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0005f018 size 0x00002f44
name RT_GROUP_ICON language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0005eff0 size 0x00000022
Time & API Arguments Status Return Repeated

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Crypto
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft\Crypto
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3832866432-4053218753-3017428901-1001
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3832866432-4053218753-3017428901-1001
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Crypto
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft\Crypto
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0

NtCreateFile

 create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3832866432-4053218753-3017428901-1001
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3832866432-4053218753-3017428901-1001
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
3221225525 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Zenpak.4!c
Cynet Malicious (score: 99)
Skyhigh Artemis!Trojan
ALYac Trojan.IcedID.gen
Cylance Unsafe
VIPRE Gen:Variant.Ransom.Conti.59
Sangfor Trojan.Win32.Zenpak.Vdz4
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.74346666
K7GW Trojan ( 00568a0f1 )
K7AntiVirus Trojan ( 00568a0f1 )
Arcabit Trojan.Generic.D46E70AA
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HEEO
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Trojan.Win32.Zenpak.aghc
Alibaba Trojan:Win32/Zenpak.10561675
NANO-Antivirus Trojan.Win32.Emotet.htrmxx
MicroWorld-eScan Trojan.GenericKD.74346666
Rising Trojan.Zenpak!8.10372 (TFE:5:T7jucGsOneL)
Emsisoft Trojan.GenericKD.74346666 (B)
F-Secure Heuristic.HEUR/AGEN.1321895
DrWeb Trojan.IcedID.27
Zillya Trojan.Kryptik.Win32.2064726
TrendMicro TROJ_GEN.R002C0DJJ24
McAfeeD ti!B9CE680718AB
CTX exe.trojan.zenpak
Sophos Mal/Generic-S
FireEye Generic.mg.0ef3890b051c62c0
Jiangmin Trojan.Zenpak.cbg
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1321895
Antiy-AVL Trojan/Win32.Zenpak
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Adware.Win32.DealPly.dd!n
Microsoft Trojan:Win32/IcedId.DEB!MTB
ZoneAlarm Trojan.Win32.Zenpak.aghc
GData Trojan.GenericKD.74346666
Varist W32/Kryptik.BTD.gen!Eldorado
AhnLab-V3 Malware/Win32.Generic.C4151114
McAfee Artemis!0EF3890B051C
DeepInstinct MALICIOUS
VBA32 Trojan.Zenpak
Malwarebytes Malware.AI.2703299017
Ikarus Trojan.Win32.Crypt
Panda Trj/CI.A