Summary | ZeroBOX

payloadSetup-0507.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, PE64, MZP Format, PE File, OS Processor Check, PE32, DLL
Category FILE
Machine s1_win7_x6403_us
Started Oct. 26, 2024, 5:18 p.m.
Completed Oct. 26, 2024, 5:30 p.m.
Size 8.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2082c6e8bbbbbad7d3f7f529a7a882e2
SHA256 734051bae45474b991285493b3dd7bd4c06b0c1b1720934eb3064ec4416711e9
CRC32 3D66ED27
ssdeep 196608:Te1/6FXDLa/yBrms/uIzrBcR3PGjjKj1fIJZrve:TXHywys/VBcEf+1fIJZrve
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
section .itext
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
payloadsetup-0507+0xe3b1b @ 0x4e3b1b
payloadsetup-0507+0x10113c @ 0x50113c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x7559b727
registers.esp: 1637816
registers.edi: 4891664
registers.eax: 1637816
registers.ebp: 1637896
registers.edx: 0
registers.ebx: 5126939
registers.esi: 2
registers.ecx: 7
Status 1 | Return 0 | Repeated 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
Status 1 | Return 0 | Repeated 0

NtProtectVirtualMemory

process_identifier: 940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 69632
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
Status 1 | Return 0 | Repeated 0

NtProtectVirtualMemory

process_identifier: 940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 147456
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0041b000
process_handle: 0xffffffff
Status 1 | Return 0 | Repeated 0

NtAllocateVirtualMemory

process_identifier: 1884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00880000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 | Return 0 | Repeated 0
file C:\Users\test22\AppData\Local\Temp\is-6099J.tmp\execctrl.dll
file C:\Users\test22\AppData\Local\Temp\is-6099J.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\is-6099J.tmp\ConnectUtils.dll
file C:\Users\test22\AppData\Local\Temp\is-6099J.tmp\idp.dll
file C:\Users\test22\AppData\Local\Temp\is-6O4JP.tmp\payloadSetup-0507.tmp
Vendor Result
Lionic Riskware.Win32.Pcspeedcat.1!c
Skyhigh PCSpeedCat-IFC
ALYac Trojan.GenericKD.64291280
Cylance Unsafe
VIPRE Trojan.GenericKD.64291280
Sangfor PUP.Win32.Pcspeedcat.Vwzd
CrowdStrike win/grayware_confidence_90% (W)
BitDefender Trojan.GenericKD.64291280
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Generic.D3D501D0
Symantec PUA.Gen.3
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/VanilLoader.B potentially unwanted
Avast FileRepPup [PUP]
NANO-Antivirus Riskware.Win32.Downloader.ieprdg
MicroWorld-eScan Trojan.GenericKD.64291280
Emsisoft Trojan.GenericKD.64291280 (B)
DrWeb Program.Unwanted.3933
McAfeeD ti!734051BAE454
CTX exe.adware.pcspeedcat
Sophos InnoMod (PUA)
SentinelOne Static AI - Suspicious PE
FireEye Trojan.GenericKD.64291280
Jiangmin Hoax.DeceptPCClean.afx
Webroot W32.Adware.Gen
Antiy-AVL HackTool[Hoax]/Win32.DeceptPCClean
Kingsoft malware.kb.a.849
Gridinsoft PUP.Win32.PCSpeedCat.dd!c
Xcitium ApplicUnwnt@#3s7l2gqu7ismu
Microsoft PUA:Win32/PCSpeedCat
GData Win32.Application.SpeedCat.C
McAfee PCSpeedCat-IFC
DeepInstinct MALICIOUS
Malwarebytes PUP.Optional.PCSpeedCat
MaxSecure Trojan.Malware.195483843.susgen
AVG FileRepPup [PUP]