Summary | ZeroBOX

RHPLumH.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Feb. 26, 2025, 9:46 a.m.
Completed Feb. 26, 2025, 9:54 a.m.
Size 4.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8d0868398de40e6e16a7c541f07e5e09
SHA256 d3477c131aada6b4af6ac738bc3d2d08785d5b8c981e92e621013b4653c651bb
CRC32 7E38D9C2
ssdeep 49152:H2LAgJxIJTN03QaiX1OOM2b9Ndt9NdtvcA:fAIpN039q1OOM24
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

IP Address Status Action
104.192.140.24 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
rhplumh+0x2e8881 @ 0x648881
rhplumh+0x2eabbb @ 0x64abbb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 03 51 3c 89 55 e4 8b 45 e4 81 38 50 45 00 00 74
exception.symbol: rhplumh+0xfdc97
exception.instruction: add edx, dword ptr [ecx + 0x3c]
exception.module: RHPLumH.exe
exception.exception_code: 0xc0000005
exception.offset: 1039511
exception.address: 0x45dc97
registers.esp: 8704864
registers.edi: 0
registers.eax: 0
registers.ebp: 8706144
registers.edx: 0
registers.ebx: 8706152
registers.esi: 15040
registers.ecx: 0
Status 1
Return 0
Repeated 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.InjectorNetT.4!c
CAT-QuickHeal Trojan.Ghanarava.17404997847e5e09
Skyhigh Artemis!Trojan
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Avast Win32:AdwareX-gen [Adw]
Kaspersky HEUR:Trojan.Win32.InjectorNetT.gen
Rising Trojan.Kryptik@AI.83 (RDML:EZsdWXqbrWE0Qq0/rROR2A)
TrendMicro Trojan.Win32.AMADEY.YXFBYZ
McAfeeD Real Protect-LS!8D0868398DE4
CTX exe.trojan.injectornett
Sophos Mal/Generic-S
FireEye Generic.mg.8d0868398de40e6e
Google Detected
Antiy-AVL Trojan/Script.Conteban
Kingsoft Win32.Trojan.InjectorNetT.gen
Gridinsoft Malware.Win32.XWorm.tr
Microsoft Trojan:Win32/Caynamer.A!ml
GData Win32.Application.Agent.2PQSRR
Varist W32/ABTrojan.YFNA-3390
DeepInstinct MALICIOUS
Ikarus PUA.Generic
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXFBYZ
huorong TrojanSpy/LummaStealer.ar
Fortinet W32/PossibleThreat
AVG Win32:AdwareX-gen [Adw]
Paloalto generic.ml