Summary | ZeroBOX

artifact_x64_test2.exe

Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Feb. 19, 2025, 11:20 a.m.
Completed Feb. 19, 2025, 11:24 a.m.
Size 19.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 b1e8cabf1133b394028a2ab19df8c80a
SHA256 aaea8aab1476a17228b00f296c55ff369e85297298bb0b97b122779750234ea0
CRC32 04A6D18B
ssdeep 384:pR4xYK0nsC4k2/tp1kO8wW7US6MSxny8:pR4xYK86p1JW7ULMSxy
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Address 20.74.209.192
Status Active
Action Moloch

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x800030
0xcc000c

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x800030
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 8389113
registers.rsp: 8190600
registers.r11: 514
registers.r8: 8791739286068
registers.r9: 0
registers.rdx: 1994794592
registers.r12: 0
registers.rbp: 8388618
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status 1
Return 0
Repeated 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x0000000000800000
process_handle: 0xffffffffffffffff
Status 1
Return 0
Repeated 0
host 20.74.209.192