Summary | ZeroBOX

HmngBpR.exe

Tags: Malicious Library, UPX, PE64, PE File, OS Processor Check, MZP Format
Category: FILE
Machine: s1_win7_x6403_us
Started: March 7, 2025, 6:16 p.m.
Completed: March 7, 2025, 6:18 p.m.
Size: 10.0MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: cac77e1df9d179c4febe6e2a557bb32b
SHA256: 02596ab86597670e98b7d1fa7cf26fd3a01a012f1e73eae0dbbdf55db80b6149
CRC32: 40B4557B
ssdeep: 98304:fn8FP1Cw5vst3LYG9HZA9jrUgTut7ThVivgfDuXh1Ea0SJNXYL2IsPADyW:fkP16YKHZ2vuthDuR1z9vIiM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file

Domains (Name, Response, Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address, Status, Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .didata
resource name MW
resource name VCLSTYLE
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d
__dbk_fcall_wrapper-0x8f0a hmngbpr+0xec16 @ 0x40ec16
__dbk_fcall_wrapper-0x8ed4 hmngbpr+0xec4c @ 0x40ec4c
TMethodImplementationIntercept+0x39a5f5 dbkFCallWrapperAddr-0xd17c3 hmngbpr+0x432795 @ 0x832795
TMethodImplementationIntercept+0x39a728 dbkFCallWrapperAddr-0xd1690 hmngbpr+0x4328c8 @ 0x8328c8
TMethodImplementationIntercept+0x39e192 dbkFCallWrapperAddr-0xcdc26 hmngbpr+0x436332 @ 0x836332
TMethodImplementationIntercept+0x39d914 dbkFCallWrapperAddr-0xce4a4 hmngbpr+0x435ab4 @ 0x835ab4
TMethodImplementationIntercept+0x3d4e4c dbkFCallWrapperAddr-0x96f6c hmngbpr+0x46cfec @ 0x86cfec
TMethodImplementationIntercept+0x29a775 dbkFCallWrapperAddr-0x1d1643 hmngbpr+0x332915 @ 0x732915
TMethodImplementationIntercept+0x29a17e dbkFCallWrapperAddr-0x1d1c3a hmngbpr+0x33231e @ 0x73231e
TMethodImplementationIntercept+0x3d60d0 dbkFCallWrapperAddr-0x95ce8 hmngbpr+0x46e270 @ 0x86e270
__dbk_fcall_wrapper-0xaa80 hmngbpr+0xd0a0 @ 0x40d0a0
TMethodImplementationIntercept+0x29a000 dbkFCallWrapperAddr-0x1d1db8 hmngbpr+0x3321a0 @ 0x7321a0
TMethodImplementationIntercept+0x2aac63 dbkFCallWrapperAddr-0x1c1155 hmngbpr+0x342e03 @ 0x742e03
TMethodImplementationIntercept+0x3ed708 dbkFCallWrapperAddr-0x7e6b0 hmngbpr+0x4858a8 @ 0x8858a8
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 42141
exception.address: 0x7fefdbfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 1241568
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1245152
registers.r11: 1243184
registers.r8: 0
registers.r9: 0
registers.rdx: 328
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 2003625156
registers.r13: 0
status: 1  return: 0  repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000415000
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000434000
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000434000
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000415000
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000434000
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000434000
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0

NtAllocateVirtualMemory

process_identifier: 2060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000f60000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
status: 1  return: 0  repeated: 0
section .rsrc: virtual_address 0x0059b000, virtual_size 0x00485f2b, size_of_data 0x00486000, entropy 7.8459985257867295 (A section with a high entropy has been found)
entropy 0.453206790274 (Overall entropy of this PE file is high)
Skyhigh: Artemis!Trojan
Cylance: Unsafe
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.HGRNFBX
Kaspersky: Trojan.Win32.Penguish.dvz
Rising: Trojan.Undefined!8.1327C (CLOUD)
McAfeeD: ti!02596AB86597
Sophos: Mal/Generic-S
Microsoft: Program:Win32/Wacapew.C!ml
GData: Win32.Trojan.Kryptik.UP767N
McAfee: Artemis!CAC77E1DF9D1
DeepInstinct: MALICIOUS
Panda: Trj/Chgt.AD
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat