popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

mcgen.exe

Gen1 Generic Malware Malicious Library UPX PE64 PE File OS Processor Check ZIP Format DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Jan. 3, 2025, 5:53 p.m. Jan. 3, 2025, 5:55 p.m.
Size 7.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 211da2d6a5b8b04b49d1c837eecee46c
SHA256 17e89140548fc71f7670ea5ee7df6feab0101386b8d087a81056ac6812d77a51
CRC32 3DC7A7B2
ssdeep 196608:WKD+kduwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWH:B5zIHL7HmBYXrYoaUNo
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
CtfImeIsIME+0x8530 TF_IsCtfmonRunning-0xe28 msctf+0x4a278 @ 0x7fefee9a278
TF_IsCtfmonRunning+0x2f4 TF_RunInputCPL-0x1a19c msctf+0x4b394 @ 0x7fefee9b394
SetInputScope+0x4662 DllRegisterServer-0x10f5e msctf+0x2e1e2 @ 0x7fefee7e1e2
TF_GetInputScope+0x19f3 CtfImeDestroyThreadMgr-0x20a9 msctf+0x14bcb @ 0x7fefee64bcb
TF_GetInputScope+0x2ae9 CtfImeDestroyThreadMgr-0xfb3 msctf+0x15cc1 @ 0x7fefee65cc1
TF_CanUninitialize+0x74 CtfNotifyIME-0x1318 msctf+0x21ea4 @ 0x7fefee71ea4
TF_CleanUpPrivateMessages+0xf48 DllGetClassObject-0x514 msctf+0x180d4 @ 0x7fefee680d4
TF_CleanUpPrivateMessages+0xf26 DllGetClassObject-0x536 msctf+0x180b2 @ 0x7fefee680b2
TF_CleanUpPrivateMessages+0xc7b DllGetClassObject-0x7e1 msctf+0x17e07 @ 0x7fefee67e07
TF_CleanUpPrivateMessages+0xbb8 DllGetClassObject-0x8a4 msctf+0x17d44 @ 0x7fefee67d44
RtlProcessFlsData+0x84 LdrUnlockLoaderLock-0x7c ntdll+0x2b894 @ 0x76d5b894
LdrShutdownProcess+0xa9 NtdllDialogWndProc_W-0x43b ntdll+0x24249 @ 0x76d54249
RtlExitUserProcess+0x90 LdrShutdownProcess-0x20 ntdll+0x24180 @ 0x76d54180
mcgen+0x19ad1 @ 0x13f139ad1
mcgen+0x19a9c @ 0x13f139a9c
mcgen+0xce14 @ 0x13f12ce14
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: ff 50 18 89 9e f8 08 00 00 48 3b fb 74 28 48 39
exception.symbol: CtfImeIsIME+0x8530 TF_IsCtfmonRunning-0xe28 msctf+0x4a278
exception.instruction: call qword ptr [rax + 0x18]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 303736
exception.address: 0x7fefee9a278
registers.r14: 0
registers.r15: 0
registers.rcx: 45527936
registers.rsi: 0
registers.r10: 1
registers.rbx: 0
registers.rsp: 3734672
registers.r11: 0
registers.r8: 3733264
registers.r9: 0
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1950540584
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\_MEI25562\libcrypto-3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\libffi-8.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\rar.exe
file C:\Users\test22\AppData\Local\Temp\_MEI25562\python313.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25562\libssl-3.dll
section {u'size_of_data': u'0x00010400', u'virtual_address': u'0x00047000', u'entropy': 7.968679116370687, u'name': u'.rsrc', u'virtual_size': u'0x000103e8'} entropy 7.96867911637 description A section with a high entropy has been found
entropy 0.201550387597 description Overall entropy of this PE file is high
Bkav W32.Common.19DA815B
Lionic Trojan.Win64.Disco.tsI4
Cynet Malicious (score: 99)
CAT-QuickHeal TrojanSpy.Agent
Skyhigh BehavesLike.Win64.Sednit.wc
ALYac Gen:Variant.Tedy.668778
Cylance Unsafe
VIPRE Gen:Variant.Tedy.668778
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Variant.Tedy.668778
K7GW Trojan ( 005bc13e1 )
K7AntiVirus Trojan ( 005bc13e1 )
Arcabit Trojan.Tedy.DA346A
VirIT Trojan.Win64.Genus.HOE
Symantec Scr.Malcode!gen129
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.PyInstaller.X suspicious
Avast Win32:Agent-BDOJ [Trj]
Kaspersky Trojan-Spy.Win32.Agent.dffz
Alibaba Packed:Win32/PyInstaller.98bf0c99
MicroWorld-eScan Gen:Variant.Tedy.668778
Rising Spyware.Agent/PYC!1.EA8F (CLASSIC)
Emsisoft Gen:Variant.Tedy.668778 (B)
F-Secure Trojan.TR/Crypt.FKM.Gen
Zillya Trojan.Agent.Win32.4060150
McAfeeD ti!17E89140548F
CTX exe.trojan.pyinstaller
Sophos Mal/Generic-S
FireEye Gen:Variant.Tedy.668778
Google Detected
Avira TR/Crypt.FKM.Gen
Kingsoft Win32.Trojan-Spy.Agent.dffz
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Tedy.668778
Varist W64/Agent.IMI.gen!Eldorado
McAfee Artemis!211DA2D6A5B8
DeepInstinct MALICIOUS
Malwarebytes Spyware.BlankGrabber
Ikarus Trojan-Spy.BlankC
Panda Trj/Agent.MK
TrendMicro-HouseCall TROJ_GEN.R002H09A125
Tencent Win32.Trojan.Agent.Njgl
huorong TrojanSpy/Python.Stealer.d
MaxSecure Trojan.Malware.121218.susgen
Fortinet W64/PyInstaller.L!tr
AVG Win32:Agent-BDOJ [Trj]
Paloalto generic.ml
alibabacloud Trojan[spy]:Win/Packed.PyInstaller.X