Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 19, 2025, 11:08 a.m.	March 19, 2025, 11:11 a.m.

Size	25.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`781594d116452f67c3a9e1cbdc4a2d7c`
SHA256	`975f075451f041072e5cc638a806858e8a471f9a39c7c68ad4037df52324b3a3`
CRC32	`37272C52`
ssdeep	`786432:0BiR4hF8YE+GsDmAsjzZNYSNG/6IJcxDc2bIRw1BZeSdNc:0oRq6IGsDmACZNRQ6IGQgIR+B1W`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

rau.exe "C:\Users\test22\AppData\Local\Temp\rau.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 19, 2025, 11:08 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d62000 process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (50 out of 134 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-vst3.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\portmidi.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-components.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxbase313u_xml_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-cloud-audiocom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\turbojpeg.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\zlib1.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxmsw313u_xrc_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\modules\mod-flac.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-sentry-reporting.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\msvcp140_atomic_wait.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-project-rate.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\modules\mod-opus.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-url-schemes.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\sqlite.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-channel.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-fft.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxmsw313u_core_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-command-parameters.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-module-manager.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxmsw313u_adv_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-screen-geometry.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\vorbisenc.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\vorbis.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\opus.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\portaudio_x86.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-transactions.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-mixer.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-file-formats.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\crashreporter.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-utility.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\sndfile.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-concurrency.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\modules\mod-pcm.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-wx-init.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxbase313u_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-nyquist-effects.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-network-manager.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-vst.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-wave-track-fft.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\libmp3lame.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-exceptions.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-theme.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\jpeg8.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\modules\mod-mpg123.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wavpackdll.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\FLAC.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-xml.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\vorbisfile.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxmsw313u_aui_vc_custom.dll

Drops an executable to the user AppData folder (14 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxbase313u_xml_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-project-rate.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\sqlite.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\msvcp140_atomic_wait.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-sentry-reporting.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\wxmsw313u_xrc_vc_custom.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-components.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\portmidi.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-url-schemes.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-utility.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\turbojpeg.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-time-and-pitch.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\modules\mod-flac.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\lib-channel.dll

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Loader.4!c
MicroWorld-eScan	QD:Trojan.GenericKDQ.A0F24D7756
CAT-QuickHeal	Trojan.Ghanarava.17418156814a2d7c
Skyhigh	Artemis
ALYac	QD:Trojan.GenericKDQ.A0F24D7756
Cylance	Unsafe
VIPRE	QD:Trojan.GenericKDQ.A0F24D7756
BitDefender	QD:Trojan.GenericKDQ.A0F24D7756
K7GW	Trojan ( 005c27a31 )
K7AntiVirus	Trojan ( 005c27a31 )
Arcabit	QD:Trojan.GenericQ.A0F24D7756
Symantec	Trojan.Gen.MBT
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win32/Loader.Querquedula.K.gen
Avast	Win32:CrypterX-gen [Trj]
Kaspersky	Trojan.Win32.Shella.jv
Emsisoft	QD:Trojan.GenericKDQ.A0F24D7756 (B)
F-Secure	Trojan.TR/Redcap.yphve
DrWeb	Trojan.PWS.Lumma.1819
TrendMicro	Trojan.Win32.DANABOT.YXFB1Z
McAfeeD	ti!975F075451F0
CTX	exe.trojan.loader
Sophos	Mal/Generic-S
FireEye	QD:Trojan.GenericKDQ.A0F24D7756
Google	Detected
Avira	TR/Redcap.atbsr
Antiy-AVL	Trojan[PSW]/Win32.Lumma
Microsoft	Trojan:Win32/Vigorf.A
GData	QD:Trojan.GenericKDQ.A0F24D7756
Varist	W32/ABApplication.AJZW-3411
McAfee	Artemis!781594D11645
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.398540812
Ikarus	Trojan.Win32.LOADER
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.DANABOT.YXFB1Z
Tencent	Win32.Trojan.Shella.Hkjl
MaxSecure	Trojan.Malware.325674353.susgen
Fortinet	W32/Loader_Querquedula.K!tr
AVG	Win32:CrypterX-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Loader.QwgvkvuknNz

rau.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All