Summary | ZeroBOX

Submitted file: GreenField.docx
Tags: PE32, PE File, .NET EXE

Note: the submitted name carries a .docx extension, but the file is a PE32 .NET executable (see Type below), not a Word document.

Category: FILE
Machine: s1_win7_x6403_us
Started: Nov. 11, 2024, 9:41 a.m.
Completed: Nov. 11, 2024, 9:46 a.m.

Size: 12.5KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 18208ba6920a74e8ca7bd244571ae383
SHA256: 1c30611e8e3a99301ffe1102d4f70c44fd2d7593878dcdf4178002777fe6e920
CRC32: 074652D6
ssdeep: 192:4Qt7If16ODCvuuYT6DI6kDmBwqVT9N62uEiGe5PF:A16O5CDIJDawqrklEiP5P
PDB Path: C:\Users\Administrator\source\repos\GreenField\GreenField\obj\Debug\GreenField.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)

Network, DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Network, Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (columns: Time & API | Arguments | Status | Return | Repeated)

Computer name queries
GetComputerNameA   computer_name: TEST22-PC   1 1 0
GetComputerNameW   computer_name: TEST22-PC   1 1 0

Debugger checks
IsDebuggerPresent   (no arguments logged)   0 0
IsDebuggerPresent   (no arguments logged)   0 0
IsDebuggerPresent   (no arguments logged)   0 0
IsDebuggerPresent   (no arguments logged)   0 0

PDB path
pdb_path C:\Users\Administrator\source\repos\GreenField\GreenField\obj\Debug\GreenField.pdb

Memory status query
GlobalMemoryStatusEx   (no arguments logged)   1 1 0
Memory allocations and protection changes (columns: Time & API | Arguments | Status | Return | Repeated)

Common to every row below: process_identifier 808, process_handle 0xffffffff (the current-process pseudo-handle), stack_dep_bypass 0, stack_pivoted 0, protection 64 (PAGE_EXECUTE_READWRITE). Status / Return / Repeated is 1 0 0 for every row (return 0 is STATUS_SUCCESS for these native calls). The size column is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory.

API                      base_address  size     allocation_type     heap_dep_bypass
NtAllocateVirtualMemory  0x00640000    1638400  8192 (MEM_RESERVE)  0
NtAllocateVirtualMemory  0x00790000    4096     4096 (MEM_COMMIT)   1
NtProtectVirtualMemory   0x73f31000    4096     n/a                 0
NtProtectVirtualMemory   0x73f32000    4096     n/a                 0
NtAllocateVirtualMemory  0x005b0000    458752   8192 (MEM_RESERVE)  0
NtAllocateVirtualMemory  0x005e0000    4096     4096 (MEM_COMMIT)   1
NtAllocateVirtualMemory  0x00512000    4096     4096 (MEM_COMMIT)   1
NtAllocateVirtualMemory  0x00585000    4096     4096 (MEM_COMMIT)   1
NtAllocateVirtualMemory  0x0058b000    4096     4096 (MEM_COMMIT)   1
NtAllocateVirtualMemory  0x00587000    4096     4096 (MEM_COMMIT)   1
NtAllocateVirtualMemory  0x0052c000    4096     4096 (MEM_COMMIT)   1
NtAllocateVirtualMemory  0x0051a000    4096     4096 (MEM_COMMIT)   1
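The RWX rows above are the substance of the report's memory finding. As an added example, not part of the ZeroBOX report or its signature set, the Python below ingests records constructed from those rows and counts what a reviewer would weigh: RWX reservations and commits, RWX protection changes on pages the log never shows the process reserving (the two 0x73f3xxxx pages), commits landing outside the logged reservations (the monitor logs only a subset of calls), and any call made through a handle other than the current-process pseudo-handle. The field names and values are the report's; the counter names and the triage logic are this example's own. One caveat belongs with it: every managed .NET process allocates RWX memory for JIT-compiled code, so RWX allocation in a Mono/.NET assembly is a weak indicator by itself and gains weight only from the foreign-page and cross-process cases.

```python
"""Triage of the memory-API rows in a ZeroBOX/Cuckoo report.

Added example, not part of the ZeroBOX report or its tooling. SAMPLE_ROWS is
constructed from the NtAllocateVirtualMemory / NtProtectVirtualMemory rows of
the report (all with process_identifier 808 and process_handle 0xffffffff);
the counter names in triage() are this example's own.
"""

# Constants from winnt.h; the report prints them in decimal.
PAGE_EXECUTE_READWRITE = 0x40   # shown as 64
MEM_COMMIT = 0x1000             # shown as 4096
MEM_RESERVE = 0x2000            # shown as 8192
CURRENT_PROCESS = 0xFFFFFFFF    # GetCurrentProcess() pseudo-handle, 32-bit

PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}

# Constructed from the report: (api, base_address, size, protection,
# allocation_type or None for NtProtectVirtualMemory, heap_dep_bypass).
# "size" is region_size for allocations and length for protection changes.
SAMPLE_ROWS = [
    ("NtAllocateVirtualMemory", 0x00640000, 1638400, 64, 8192, 0),
    ("NtAllocateVirtualMemory", 0x00790000, 4096, 64, 4096, 1),
    ("NtProtectVirtualMemory", 0x73f31000, 4096, 64, None, 0),
    ("NtProtectVirtualMemory", 0x73f32000, 4096, 64, None, 0),
    ("NtAllocateVirtualMemory", 0x005b0000, 458752, 64, 8192, 0),
    ("NtAllocateVirtualMemory", 0x005e0000, 4096, 64, 4096, 1),
    ("NtAllocateVirtualMemory", 0x00512000, 4096, 64, 4096, 1),
    ("NtAllocateVirtualMemory", 0x00585000, 4096, 64, 4096, 1),
    ("NtAllocateVirtualMemory", 0x0058b000, 4096, 64, 4096, 1),
    ("NtAllocateVirtualMemory", 0x00587000, 4096, 64, 4096, 1),
    ("NtAllocateVirtualMemory", 0x0052c000, 4096, 64, 4096, 1),
    ("NtAllocateVirtualMemory", 0x0051a000, 4096, 64, 4096, 1),
]


def rows_to_records(rows, pid=808, handle=CURRENT_PROCESS):
    """Expand the compact tuples into dicts keyed like the report's fields."""
    keys = ("api", "base_address", "size", "protection", "allocation_type", "heap_dep_bypass")
    return [dict(zip(keys, row), process_identifier=pid, process_handle=handle)
            for row in rows]


def protection_name(value):
    """Decode the page-protection constant (modifier bits above 0xFF stripped)."""
    return PROTECTION_NAMES.get(value & 0xFF, "0x%x" % value)


def triage(records):
    """Count the patterns worth weighing in RWX rows.

    Returns (counts, notes): a dict of counters and one text line per RWX
    protection change on a page this log never shows being reserved.
    """
    reserved = []   # (base, size) of regions the log shows this process reserving
    counts = {
        "rwx_reserve": 0, "rwx_commit_in_logged_reserve": 0,
        "rwx_commit_outside_logged_reserve": 0, "rwx_protect_own": 0,
        "rwx_protect_foreign": 0, "heap_dep_bypass": 0, "remote_process": 0,
    }
    notes = []

    def in_logged_reserve(addr):
        return any(base <= addr < base + size for base, size in reserved)

    for r in records:
        if r["process_handle"] != CURRENT_PROCESS:
            counts["remote_process"] += 1     # another process's memory: high signal
        if r["heap_dep_bypass"]:
            counts["heap_dep_bypass"] += 1    # the monitor's heap-DEP-bypass heuristic fired
        if (r["protection"] & 0xFF) != PAGE_EXECUTE_READWRITE:
            continue                          # only RWX rows are of interest here
        addr = r["base_address"]
        if r["api"] == "NtAllocateVirtualMemory":
            if r["allocation_type"] & MEM_RESERVE:
                counts["rwx_reserve"] += 1
                reserved.append((addr, r["size"]))
            if r["allocation_type"] & MEM_COMMIT:
                key = ("rwx_commit_in_logged_reserve" if in_logged_reserve(addr)
                       else "rwx_commit_outside_logged_reserve")
                counts[key] += 1
        elif r["api"] == "NtProtectVirtualMemory":
            if in_logged_reserve(addr):
                counts["rwx_protect_own"] += 1
            else:
                counts["rwx_protect_foreign"] += 1
                notes.append("RWX protect on 0x%08x (%d bytes), not reserved in this log"
                             % (addr, r["size"]))
    return counts, notes


if __name__ == "__main__":
    counts, notes = triage(rows_to_records(SAMPLE_ROWS))
    for key, value in counts.items():
        print("%-36s %d" % (key, value))
    for line in notes:
        print(line)
```

On the report's rows the two NtProtectVirtualMemory calls are the ones that stand out: they make pages RWX at addresses the process is never seen reserving, while all of the commits are small pages consistent with a runtime carving up its own reservations. Feed the function records from a full Cuckoo JSON report (the same field names) rather than the truncated table and the in/outside split becomes far more meaningful.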
Antivirus results (vendor / label)

Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Crysan.m!c
CAT-QuickHeal Backdoor.MSIL
Skyhigh Artemis!Trojan
ALYac IL:Trojan.MSILZilla.149085
Cylance Unsafe
VIPRE IL:Trojan.MSILZilla.149085
CrowdStrike win/malicious_confidence_100% (W)
BitDefender IL:Trojan.MSILZilla.149085
K7GW Trojan-Downloader ( 005bc54b1 )
K7AntiVirus Trojan-Downloader ( 005bc54b1 )
Arcabit IL:Trojan.MSILZilla.D2465D
VirIT Trojan.Win32.MSIL.FZH
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 MSIL/TrojanDownloader.Agent.RJL
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Backdoor:MSIL/Crysan.f7af4f41
NANO-Antivirus Trojan.Win32.Crysan.ktfvin
MicroWorld-eScan IL:Trojan.MSILZilla.149085
Rising Backdoor.Crysan!8.10ECA (CLOUD)
Emsisoft IL:Trojan.MSILZilla.149085 (B)
F-Secure Trojan.TR/AD.Nekark.eexdy
Zillya Backdoor.Crysan.Win32.7967
McAfeeD ti!1C30611E8E3A
CTX exe.trojan.crysan
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye IL:Trojan.MSILZilla.149085
Google Detected
Avira TR/AD.Nekark.eexdy
Antiy-AVL Trojan/Win32.Agent
Kingsoft MSIL.Backdoor.Crysan.gen
Microsoft Trojan:VBS/Phish
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData IL:Trojan.MSILZilla.149085
Varist W32/ABTrojan.MQRZ-6219
AhnLab-V3 Trojan/Win.MSILZilla.C5691550
McAfee Artemis!18208BA6920A
DeepInstinct MALICIOUS
Malwarebytes Trojan.Downloader.MSIL
Ikarus Trojan.IL.MSILZilla
Panda Trj/Chgt.AD
Tencent Malware.Win32.Gencirc.141e96df
Fortinet PossibleThreat
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
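Forty-eight vendors name the family inconsistently (MSILZilla, Crysan, Nekark) and many verdicts are heuristic only (Artemis!, generic.ml, Static AI, ML.Attribute). As an added example, not part of the ZeroBOX report, the Python below parses the rows in the "Vendor Label" form they appear in above and reduces them to a family vote: each label is split into tokens, category and platform words are dropped, and each vendor votes once per remaining token. The GENERIC_TOKENS set is this example's own and tuned to these rows; AVClass is the established tool for the same task at scale.

```python
"""Majority family from the antivirus rows of a ZeroBOX report.

Added example, not part of the ZeroBOX report. RAW_AV_ROWS is the report's
vendor list copied in the "Vendor Label" form shown above. AVClass does this
job properly at scale; this is the same idea in a few lines: split each label
into tokens, drop category/platform/heuristic words, one vote per vendor per
remaining token.
"""
import re
from collections import Counter

RAW_AV_ROWS = """\
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Crysan.m!c
CAT-QuickHeal Backdoor.MSIL
Skyhigh Artemis!Trojan
ALYac IL:Trojan.MSILZilla.149085
Cylance Unsafe
VIPRE IL:Trojan.MSILZilla.149085
CrowdStrike win/malicious_confidence_100% (W)
BitDefender IL:Trojan.MSILZilla.149085
K7GW Trojan-Downloader ( 005bc54b1 )
K7AntiVirus Trojan-Downloader ( 005bc54b1 )
Arcabit IL:Trojan.MSILZilla.D2465D
VirIT Trojan.Win32.MSIL.FZH
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 MSIL/TrojanDownloader.Agent.RJL
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Backdoor:MSIL/Crysan.f7af4f41
NANO-Antivirus Trojan.Win32.Crysan.ktfvin
MicroWorld-eScan IL:Trojan.MSILZilla.149085
Rising Backdoor.Crysan!8.10ECA (CLOUD)
Emsisoft IL:Trojan.MSILZilla.149085 (B)
F-Secure Trojan.TR/AD.Nekark.eexdy
Zillya Backdoor.Crysan.Win32.7967
McAfeeD ti!1C30611E8E3A
CTX exe.trojan.crysan
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye IL:Trojan.MSILZilla.149085
Google Detected
Avira TR/AD.Nekark.eexdy
Antiy-AVL Trojan/Win32.Agent
Kingsoft MSIL.Backdoor.Crysan.gen
Microsoft Trojan:VBS/Phish
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData IL:Trojan.MSILZilla.149085
Varist W32/ABTrojan.MQRZ-6219
AhnLab-V3 Trojan/Win.MSILZilla.C5691550
McAfee Artemis!18208BA6920A
DeepInstinct MALICIOUS
Malwarebytes Trojan.Downloader.MSIL
Ikarus Trojan.IL.MSILZilla
Panda Trj/Chgt.AD
Tencent Malware.Win32.Gencirc.141e96df
Fortinet PossibleThreat
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
"""

# Category, platform and heuristic words: they say "malware", not which family.
GENERIC_TOKENS = {
    "trojan", "backdoor", "downloader", "trojandownloader", "agent", "malware",
    "malwarex", "malicious", "generic", "heur", "static", "suspicious",
    "detected", "unsafe", "confidence", "highconfidence", "moderate",
    "attribute", "artemis", "aidetectmalware", "possiblethreat",
    "dangerousobject", "multi", "cloud", "msil", "phish",
}


def parse_av_rows(text):
    """'Vendor Label' lines -> {vendor: label}; vendor names carry no spaces."""
    rows = {}
    for line in text.splitlines():
        vendor, _, label = line.strip().partition(" ")
        if vendor:
            rows[vendor] = label.strip()
    return rows


def family_tokens(label):
    """Candidate family names in one label: alphabetic, 4+ chars, not generic."""
    toks = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label)]
    keep = [t for t in toks if len(t) >= 4 and t.isalpha() and t not in GENERIC_TOKENS]
    return list(dict.fromkeys(keep))   # dedupe, keep order: one vote per vendor


def consensus(av_rows, min_vendors=2):
    """(family, vendor_count) pairs, most-supported first, with min_vendors or more."""
    votes = Counter()
    for label in av_rows.values():
        votes.update(family_tokens(label))
    return [(f, n) for f, n in votes.most_common() if n >= min_vendors]
```

Heuristic-only verdicts contribute nothing to the vote, which is the intended behaviour: they say the file is bad, not which family it belongs to. Variant suffixes such as the one shared by F-Secure and Avira survive the filter and show up as low-count entries; that is the usual reason to raise min_vendors before trusting the tail of the list.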