Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 26, 2025, 11:11 a.m.	March 26, 2025, 11:16 a.m.

Size	3.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a41636257412c033699c1a011ed43a33`
SHA256	`c59eef617ae47d1b1885b1625277a0def737d8b109733418e2ad64cc38ad4377`
CRC32	`EE4F70FA`
ssdeep	`49152:2a5r7CvLLcbE/dtbpfuf/2u5jwUMKbxx0o1Si9XoS7OsZD3Sbsm4wUBsTfsnigX0:2a5KvLLcbEhfuXVKUMeH0o1xBzOsZD3K`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 26, 2025, 11:11 a.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 26, 2025, 11:11 a.m.		1	1	0

packer

Armadillo v1.71

Time & API	Arguments	Status	Return	Repeated
__exception__ March 26, 2025, 11:12 a.m.	stacktrace: RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x76fdf559 RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x76fdf639 RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x76f8df95 free+0x39 memcpy-0x43 msvcrt+0x98cd @ 0x760b98cd g354ff43hj67+0x13a9 @ 0x4013a9 g354ff43hj67+0x115f @ 0x40115f g354ff43hj67+0x6abc @ 0x406abc exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653 exception.instruction: jmp 0x76fde667 exception.module: ntdll.dll exception.exception_code: 0xc0000374 exception.offset: 845395 exception.address: 0x76fde653 registers.esp: 1636712 registers.edi: 1637248 registers.eax: 1636728 registers.ebp: 1636832 registers.edx: 0 registers.ebx: 0 registers.esi: 7864320 registers.ecx: 2147483647	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 26, 2025, 11:11 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.tsi1
ALYac	Trojan.GenericKD.75912892
Cylance	Unsafe
VIPRE	Trojan.GenericKD.75912892
CrowdStrike	win/malicious_confidence_70% (W)
BitDefender	Trojan.GenericKD.75912892
K7GW	Trojan ( 005a188e1 )
K7AntiVirus	Trojan ( 005a188e1 )
Arcabit	Trojan.Generic.D48656BC
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Packed.7Zip.AI
Avast	Win32:Evo-gen [Trj]
ClamAV	Win.Malware.7zip-10013374-0
Kaspersky	Trojan.Win32.SFX.bag
Alibaba	Trojan:Win32/Generic.d5b9416f
NANO-Antivirus	Trojan.Win32.SFX.kvwxec
MicroWorld-eScan	Trojan.GenericKD.75912892
Rising	Dropper.Agent/SFX!1.F3AF (CLASSIC)
Emsisoft	Trojan.GenericKD.75912892 (B)
McAfeeD	ti!C59EEF617AE4
CTX	exe.trojan.7zip
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.7zip
FireEye	Trojan.GenericKD.75912892
Webroot	Win.Trojan.Gen
Kingsoft	Win32.Trojan.SFX.bag
Microsoft	Trojan:Win32/Caynamer.A!ml
GData	Trojan.GenericKD.75912892
Varist	W32/Agent.KBD.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R684472
McAfee	Artemis!A41636257412
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.MalPack.7zip.Generic
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R023H0CC325
Tencent	Win32.Trojan.FalseSign.Zylw
MaxSecure	Trojan.Malware.336383904.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Evo-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Wacapew.C9nj

g354ff43hj67.exe