Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 8, 2024, 4:51 p.m.	Nov. 8, 2024, 4:57 p.m.

Size	3.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a2f8fd5483c5b970e325e521c2bdd89e`
SHA256	`3286a4e91171bba131d9d3cdceb2fdfd4f9ac53cd9583ef1ed080ed1289bac8a`
CRC32	`BDAA367E`
ssdeep	`98304:K3+/ux249h5h0LjbZsbo08s6LMFm4j8rEh0g0mYGYfV9YUaQFp:luBUad84j8rEOgHu7YUjP`
PDB Path	E:\4.0\T_ç»¼åèæ¬å¼åå·¥å·\Release\exebak.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe "C:\Users\test22\AppData\Local\Temp\%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

E:\4.0\T_ç»¼åèæ¬å¼åå·¥å·\Release\exebak.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 8, 2024, 4:51 p.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 8, 2024, 4:51 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732c2000 process_handle: 0xffffffff	1	0	0

Foreign language identified in PE resource (50 out of 68 events)

name

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00207df8

size

0x0010d351

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x003162d8

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00316af0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00316af0

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00316af0

size

0x00000144

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00320fb4

size

0x00000468

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321668

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321668

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321668

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321668

size

0x00000034

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321668

size

0x00000034

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00321f88

size

0x000001a6

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\2556eef612\TApi.dll
file	C:\Users\test22\AppData\Local\Temp\2556eef612\t_baibaoyun_win32.dll
file	C:\Users\test22\AppData\Local\Temp\2556eef612\TLib.dll

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\2556eef612\t_baibaoyun_win32.dll
file	C:\Users\test22\AppData\Local\Temp\2556eef612\TLib.dll
file	C:\Users\test22\AppData\Local\Temp\2556eef612\TApi.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0011b800', u'virtual_address': u'0x00207000', u'entropy': 7.982626700922442, u'name': u'.rsrc', u'virtual_size': u'0x0011b768'}

entropy

7.98262670092

description

A section with a high entropy has been found

entropy

0.347160569417

description

Overall entropy of this PE file is high

Installs an hook procedure to monitor for mouse events (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW Nov. 8, 2024, 4:51 p.m.	thread_identifier: 0 callback_function: 0x7329c951 hook_identifier: 14 (WH_MOUSE_LL) module_address: 0x73290000	1	459189	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.mDkX
tehtris	Generic.Malware
ClamAV	Win.Trojan.Cridex-9863195-0
CTX	exe.trojan.generic
CAT-QuickHeal	Trojan.Generic.17579
McAfee	PUP-XEF-JR
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	Riskware ( 004f5dd11 )
K7AntiVirus	Riskware ( 004f5dd11 )
Symantec	SMG.Heur!gen
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Tyuyan.A suspicious
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Alibaba	Trojan:Win32/Vindor.67461533
NANO-Antivirus	Trojan.Win32.Temr.eykwff
MicroWorld-eScan	Trojan.GenericKD.74679440
Emsisoft	Trojan.GenericKD.74679440 (B)
VIPRE	Trojan.GenericKD.74679440
McAfeeD	ti!3286A4E91171
Trapmine	malicious.moderate.ml.score
Sophos	Potentially Unwanted Software (PUA)
SentinelOne	Static AI - Suspicious PE
Jiangmin	Trojan.Nimnul.de
Webroot	W32.Adware.Gen
Google	Detected
Avira	TR/Vindor.euknn
Antiy-AVL	Trojan[Packed]/Win32.Tyuyan
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Trojan.Win32.Agent.vb!s1
Xcitium	Malware@#fc01sq2dittd
Microsoft	Trojan:Win32/Vindor!pz
Varist	W32/Trojan.BZG.gen!Eldorado
AhnLab-V3	Unwanted/Win32.Agent.R236505
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware.AI.DDS
Ikarus	PUA.RiskWare.Hacktool
TrendMicro-HouseCall	TROJ_GEN.R014C0CK624
Tencent	Trojan.Win32.Nystprac.za
Fortinet	W32/Generic.AC.366B64!tr
Panda	Trj/CI.A

%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All