popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

wlanext.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 24, 2024, 9:51 a.m. Oct. 24, 2024, 9:54 a.m.
Size 1.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1bce82ea786776f80c8ccb92ad160ede
SHA256 8e868ef64afa97906f7c442a93cadf7b58939b4960863c6d7ea2dcf85faf06fa
CRC32 7FD5A786
ssdeep 24576:ffmMv6Ckr7Mny5QL3JJPTs/FMxyogj8BumnNhoC3D:f3v+7/5QL3g/ysz8gqoC3D
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x734c2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 16384
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03917000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2684
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

CreateProcessInternalW

 thread_identifier: 2688
thread_handle: 0x00000194
process_identifier: 2684
current_directory:
filepath: C:\Windows\System32\svchost.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\wlanext.exe"
filepath_r: C:\Windows\System32\svchost.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000198
1 1 0
Process injection Process 2576 called NtSetContextThread to modify thread in remote process 2684
Time & API Arguments Status Return Repeated

NtSetContextThread

 registers.eip: 1995571652
registers.esp: 2030440
registers.edi: 0
registers.eax: 4199584
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000194
process_identifier: 2684
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Autoit.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Formbook.tc
Cylance Unsafe
Sangfor Trojan.Win32.Autoit.Vpy3
CrowdStrike win/malicious_confidence_90% (D)
BitDefender AIT:Trojan.Nymeria.6427
Arcabit AIT:Trojan.Nymeria.D191B [many]
VirIT Trojan.Win32.AutoIt_Heur.L
Symantec Trojan Horse
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Injector.Autoit.GNN
APEX Malicious
Avast Script:SNH-gen [Trj]
Kaspersky Trojan.Win32.Strab.ric
Alibaba Trojan:Script/Injector.5ac3677b
MicroWorld-eScan AIT:Trojan.Nymeria.6427
Rising Trojan.Injector/Autoit!1.104AF (CLASSIC)
Emsisoft AIT:Trojan.Nymeria.6427 (B)
F-Secure Trojan.TR/AD.Swotter.ulxnl
McAfeeD ti!8E868EF64AFA
CTX exe.trojan.autoit
Sophos Troj/AutoIt-DHB
FireEye AIT:Trojan.Nymeria.6427
Google Detected
Avira TR/AD.Swotter.ulxnl
Kingsoft Win32.Trojan.Strab.ric
Microsoft Trojan:Win32/AutoitInject.AMB!MTB
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan-Stealer.FormBook.WBTSRL
Varist W32/Autoit.XXWI-5918
McAfee Artemis!1BCE82EA7867
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Ikarus Trojan.Autoit
Panda Trj/Chgt.AD
Tencent Win32.Trojan.Strab.Xdkl
MaxSecure Trojan.Malware.300983.susgen
Fortinet AutoIt/Agent.OM!tr
AVG Script:SNH-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/Phonzy.A9nj