popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

VST32License.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 5, 2024, 4:18 a.m. Nov. 5, 2024, 4:18 a.m.
Size 912.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 340dc61a684cc553c6e487da9d1692d4
SHA256 da55d9ed238138774d5b89aa72fa8c1a150b93816e462706a02bd36f3080b044
CRC32 2CF4B1FE
ssdeep 6144:Q8JsLcpjzTDDmHayakLkrb4NSarQWzCq0CuQUM0Xl1:9zxzTDWikLSb4NS7Yd0Xl1
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
section .didat
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732c2000
process_handle: 0xffffffff
1 0 0
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00105a68 size 0x000001e6
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00105a68 size 0x000001e6
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00105a68 size 0x000001e6
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00105a68 size 0x000001e6
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00105a68 size 0x000001e6
name RT_DIALOG language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00105a68 size 0x000001e6
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_STRING language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00106380 size 0x00000078
name RT_MANIFEST language LANG_CHINESE filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x001064d0 size 0x00000753
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.dm
K7AntiVirus Unwanted-Program ( 005727961 )
K7GW Unwanted-Program ( 005727961 )
APEX Malicious
ClamAV Win.Malware.Jaik-9831577-0
Trapmine suspicious.low.ml.score
Google Detected
DeepInstinct MALICIOUS
MaxSecure Trojan.Malware.300983.susgen
CrowdStrike win/malicious_confidence_70% (D)