Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 26, 2025, 11:10 a.m.	March 26, 2025, 11:27 a.m.

Size	614.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4a7a12a9e10dff157ee2b2bd9d8853ba`
SHA256	`9d3373fb5fa7e9dbc382c18f7e26fd85f1279598e88edfe76bef94053c9f7278`
CRC32	`F0B1A4DC`
ssdeep	`12288:91naFROcKytK+kJ4ewy4wGLnrZlLc4j2mFjmPrS2Q6ObyK:9hqOqK+i45IGjrTLhjh0O2Q6RK`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file

setup.exe "C:\Users\test22\AppData\Local\Temp\setup.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
46.246.80.65	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory March 26, 2025, 11:10 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory March 26, 2025, 11:10 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733d2000 process_handle: 0xffffffff	1	0	0

Communicates with host for which no DNS query was performed (1 event)

host

46.246.80.65

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectMalware
Lionic	Adware.Win32.Generic.mxGG
Cynet	Malicious (score: 99)
CAT-QuickHeal	AdWare.DealPly.OD8
ALYac	Gen:Variant.Application.Bundler.DealPly.190
Cylance	Unsafe
VIPRE	Gen:Variant.Application.Bundler.DealPly.190
Sangfor	Virus.Win32.Save.a
CrowdStrike	win/grayware_confidence_100% (W)
BitDefender	Gen:Variant.Application.Bundler.DealPly.190
Arcabit	Trojan.Application.Bundler.DealPly.190
VirIT	Adware.Win32.DealPly.SL
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/DealPly.BX potentially unwanted
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	not-a-virus:HEUR:AdWare.Win32.DealPly.gen
Alibaba	AdWare:Win32/DealPly.b6cc741b
NANO-Antivirus	Riskware.Win32.DealPly.duzogl
MicroWorld-eScan	Gen:Variant.Application.Bundler.DealPly.190
Rising	Trojan.Bitrep!8.F596 (TFE:3:xLToyuYeu0P)
Emsisoft	Gen:Variant.Application.Bundler.DealPly.190 (B)
F-Secure	Heuristic.HEUR/AGEN.1329989
DrWeb	Adware.DealPly.479
Zillya	Tool.Bundler.Win32.32589
TrendMicro	TROJ_GEN.R002C0RCB25
McAfeeD	Real Protect-LS!4A7A12A9E10D
CTX	exe.adware.dealply
Sophos	Generic Reputation PUA (PUA)
FireEye	Generic.mg.4a7a12a9e10dff15
Avira	HEUR/AGEN.1329989
Antiy-AVL	GrayWare/Win32.DealPly
Kingsoft	malware.kb.a.996
Xcitium	ApplicUnwnt.Win32.DealPly.b@5xdvtf
Microsoft	PUA:Win32/Bitrepeyp.B
GData	Gen:Variant.Application.Bundler.DealPly.190
Varist	W32/DealPly.D.gen!Eldorado
McAfee	Artemis!4A7A12A9E10D
DeepInstinct	MALICIOUS
VBA32	Adware.DealPly
Malwarebytes	Generic.Malware.AI.DDS
Ikarus	PUA.DealPly
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0RCB25
Yandex	Riskware.Agent!o/FZR2Gg4m0
huorong	Adware/DealPly.c
MaxSecure	Trojan.Malware.8824174.susgen
Fortinet	Riskware/DealPly
AVG	Win32:Malware-gen

setup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All