Summary | ZeroBOX

PhonerLite.exe

Generic Malware, Malicious Library, UPX, PE32, PE File, MZP Format
Category: FILE
Machine: s1_win7_x6403_us
Started: March 12, 2025, 11:26 a.m.
Completed: March 12, 2025, 11:32 a.m.
Size: 9.3MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0eb028bdff2fdf68c2af754020c22115
SHA256: e7995b48dc422414a4d71dfade2a83f016f13765d05d5848f700fc3f1eec8097
CRC32: 64C2A9E0
ssdeep: 49152:qnRRxEykWcQsCDI9gYoLTikFu98w8njwbf80:qnxyXLCDVLTtjE80
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section CODE
section DATA
section BSS
resource name UNICODEDATA
Time & API / Arguments / Status / Return / Repeated

NtAllocateVirtualMemory

process_identifier: 1132
region_size: 364544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02000000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 1132
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02400000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 1132
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1132
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77900000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1132
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 876544
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x778b0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
VirIT: Trojan.Win32.GenHeur.B
Symantec: ML.Attribute.HighConfidence
Avast: FileRepMalware [Misc]
Kaspersky: UDS:DangerousObject.Multi.Generic
Rising: Trojan.Lazzzy!8.1B453 (LESS:bWQ1Og6wKL3/L99owq91QCDCIRU)
McAfeeD: ti!E7995B48DC42
Sophos: Mal/Generic-S
Gridinsoft: Adware.Win32.Amonetize.ka!n
AVG: FileRepMalware [Misc]