Summary | ZeroBOX

wlanext.exe

UPX Malicious Library MZP Format PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 24, 2024, 10:19 a.m.
Completed Oct. 24, 2024, 10:21 a.m.
Size 1.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a4d92d023f0158e3c7107def757641ae
SHA256 eb7e203a572088217f7e24002c468a57f356e80f1c003e9c14f81eeb5f24139b
CRC32 951E355F
ssdeep 24576:uCtVqnbUQ25Qm2XzQiYcx3RqrPBzKRfuHpEqiyu5T5:ukabmAYc3qrWyuv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
103.161.133.169 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent (6 identical calls logged; collapsed into one entry)

0 0
section .itext
packer BobSoft Mini Delphi -> BoB / BobSoft
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00540000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory (49 identical calls logged; collapsed into one entry; every call returned 3221225496, i.e. 0xC0000018 STATUS_CONFLICTING_ADDRESSES)

process_identifier: 1000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 399996
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00503640
process_handle: 0xffffffff
3221225496 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 180224
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x02ff1000
process_handle: 0xffffffff
1 0 0
host 103.161.133.169
Time & API Arguments Status Return Repeated

RegSetValueExA

key_handle: 0x000002d4
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
1 0 0
dead_host 103.161.133.169:80
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.ModiLoader.4!c
Cynet Malicious (score: 99)
Cylance Unsafe
Sangfor Downloader.Win32.Modiloader.Vkid
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Gen:Variant.Midie.155494
Arcabit Trojan.Jaik.D3BC2A
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Win32/TrojanDownloader.ModiLoader.AFL
APEX Malicious
Avast Win32:Evo-gen [Trj]
Kaspersky HEUR:Trojan.Win32.DelfInject.gen
Alibaba TrojanDownloader:Win32/ModiLoader.16369f1b
MicroWorld-eScan Gen:Variant.Midie.155494
Rising Downloader.Agent!1.EFE4 (CLASSIC)
Emsisoft Gen:Variant.Midie.155494 (B)
F-Secure Trojan.TR/AVI.Agent.uisrh
DrWeb Trojan.ModiLoader.29
TrendMicro Backdoor.Win32.REMCOS.YXEJVZ
McAfeeD ti!EB7E203A5720
CTX exe.downloader.modiloader
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.a4d92d023f0158e3
Webroot W32.Malware.Gen
Google Detected
Avira TR/AVI.Agent.uisrh
Antiy-AVL Trojan/Win32.DelfInject
Kingsoft Win32.Trojan.DelfInject.gen
Microsoft Trojan:Win32/Remcos.VBI!MTB
GData Gen:Variant.Midie.155494
Varist W32/ABDownloader.NKKL-1447
McAfee Artemis!A4D92D023F01
DeepInstinct MALICIOUS
VBA32 BScope.Backdoor.RmRAT
Malwarebytes Malware.AI.4074489075
Ikarus Trojan-Downloader.Win32.Modiloader
Panda Trj/GdSda.A
TrendMicro-HouseCall Backdoor.Win32.REMCOS.YXEJVZ
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/ModiLoader.ABE!tr
AVG Win32:Evo-gen [Trj]
Paloalto generic.ml