Summary | ZeroBOX

setup.exe

Generic Malware, Malicious Library, UPX, Malicious Packer, MSOffice File, PE File, OS Processor Check, PE32, CAB
Category FILE
Machine s1_win7_x6401
Started Jan. 7, 2025, 3:42 p.m.
Completed Jan. 7, 2025, 3:44 p.m.
Size 3.9MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 307b6a325777d94923f662b3ec2cab6c
SHA256 95838246a5303886567ad9ceed1a83b741de848a3a1b110be0ae98c9f51e3121
CRC32 4F675777
ssdeep 98304:/dPsh/HLvyQInTgNbXZnkwcK50k7Ltj6zOn6:/9sBW0ZXtkzK5tZm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Microsoft_Office_File_Zero - Microsoft Office File
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
cacerts.digicert.com 152.195.38.76
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .symtab
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72c92000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13316079616
free_bytes_available: 13316079616
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3250996
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 8362495
1 1 0
file C:\Users\test22\AppData\Local\Temp\1986304783.msi
section .data: size_of_data 0x00238000, virtual_address 0x0018a000, virtual_size 0x00263118, entropy 7.890890086464443; description: A section with a high entropy has been found
section .rsrc: size_of_data 0x00011600, virtual_address 0x00400000, virtual_size 0x000114a8, entropy 7.867193167446977; description: A section with a high entropy has been found
entropy 0.589204831404; description: Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeCreateTokenPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeMachineAccountPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeTcbPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeSecurityPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeTakeOwnershipPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeLoadDriverPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeBackupPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeRestorePrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeRemoteShutdownPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeEnableDelegationPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeManageVolumePrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeCreateGlobalPrivilege
1 1 0
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x0018fe31
function_name: wine_get_version
module: ntdll
module_address: 0x76f10000
3221225785 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.FleetDeck.4!c
CAT-QuickHeal Trojan.Ghanarava.17354029832cab6c
ALYac Trojan.GenericKD.75255590
Cylance Unsafe
VIPRE Trojan.GenericKD.75255590
K7AntiVirus Trojan ( 005ba3011 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/RemoteAdmin.FleetDeck.A potentially unsafe
Paloalto generic.ml
MicroWorld-eScan Trojan.GenericKD.75255590
F-Secure Trojan.TR/AVI.Agent.cgmlf
Zillya Tool.FleetDeck.Win32.1
Trapmine malicious.high.ml.score
Avira TR/AVI.Agent.cgmlf
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft Win32.Trojan.Sdum.gen
Microsoft Program:Win32/Cayunamer.A!ml
McAfee Artemis!307B6A325777
Malwarebytes RiskWare.RemoteAdmin
MaxSecure Trojan.Malware.317373700.susgen
Fortinet Adware/RemoteAdmin_FleetDeck