Summary | ZeroBOX

apple.exe

Tags: Generic Malware, Malicious Library, UPX, WinRAR, AntiDebug, PE File, OS Processor Check, PE32, AntiVM

Category: FILE
Machine: s1_win7_x6403_us
Started: March 26, 2025, 11:12 a.m.
Completed: March 26, 2025, 11:30 a.m.
Size: 327.6KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: f0676528d1fc19da84c92fe256950bd7
SHA256: 493b897d1a54e3aa3f177b49b2529d07cdd791c6d693b6be2f9a4f1144b74a32
CRC32: D6969600
ssdeep: 6144:RTouKrWBEu3/Z2lpGDHU3ykJVvr/o6KaV7NRZfUlyT/g:RToPWBv/cpGrU3ygro8V7felu4
PDB Path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_WinRAR_SFX_Zero - Win32 WinRAR SFX
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signature details

pdb_path: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
section: .didat
file: C:\Users\test22\AppData\Local\Temp\C0BB.tmp\C0BC.tmp\C0CC.bat
file: C:\Users\test22\AppData\Local\Temp\11.exe
file: C:\Users\test22\AppData\Local\Temp\C406.tmp\C407.tmp\C428.bat
cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C406.tmp\C407.tmp\C428.bat C:\Users\test22\AppData\Local\Temp\11.exe go"
cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C0BB.tmp\C0BC.tmp\C0CC.bat C:\Users\test22\AppData\Local\Temp\11.exe"

Time & API / Arguments / Status / Return / Repeated

ShellExecuteExW
  show_type: 0
  filepath_r: C:\Windows\sysnative\cmd
  parameters: /c "C:\Users\test22\AppData\Local\Temp\C0BB.tmp\C0BC.tmp\C0CC.bat C:\Users\test22\AppData\Local\Temp\11.exe"
  filepath: C:\Windows\sysnative\cmd
  status: 1, return: 1, repeated: 0

ShellExecuteExW
  show_type: 0
  filepath_r: C:\Windows\sysnative\cmd
  parameters: /c "C:\Users\test22\AppData\Local\Temp\C406.tmp\C407.tmp\C428.bat C:\Users\test22\AppData\Local\Temp\11.exe go"
  filepath: C:\Windows\sysnative\cmd
  status: 1, return: 1, repeated: 0
Anti-debug / anti-VM rule matches
  • DebuggerCheck__GlobalFlags - (no description)
  • DebuggerCheck__QueryInfo - (no description)
  • DebuggerHiding__Thread - (no description)
  • DebuggerHiding__Active - (no description)
  • DebuggerException__SetConsoleCtrl - (no description)
  • ThreadControl__Context - (no description)
  • SEH__vectored - (no description)
  • anti_dbg - Checks if being debugged
  • disable_dep - Bypass DEP

cmdline: C:\Windows\sysnative\cmd /c "C:\Users\test22\AppData\Local\Temp\C406.tmp\C407.tmp\C428.bat C:\Users\test22\AppData\Local\Temp\11.exe go"
cmdline: C:\Windows\sysnative\cmd /c "C:\Users\test22\AppData\Local\Temp\C0BB.tmp\C0BC.tmp\C0CC.bat C:\Users\test22\AppData\Local\Temp\11.exe"
cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C406.tmp\C407.tmp\C428.bat C:\Users\test22\AppData\Local\Temp\11.exe go"
cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C0BB.tmp\C0BC.tmp\C0CC.bat C:\Users\test22\AppData\Local\Temp\11.exe"
cmdline: sc start ddrver
cmdline: sc create ddrver type= kernel binPath= "C:\Users\test22\AppData\Local\Temp\ssisd.sys"
Time & API / Arguments / Status / Return / Repeated

CreateServiceW
  service_start_name: (empty)
  start_type: 3
  password: (empty)
  display_name: (empty)
  filepath: C:\Users\test22\AppData\Local\Temp\ssisd.sys
  service_name: ddrver
  filepath_r: C:\Users\test22\AppData\Local\Temp\ssisd.sys
  desired_access: 983551
  service_handle: 0x00000000002d69d0
  error_control: 1
  service_type: 1
  service_manager_handle: 0x00000000002d69a0
  status: 1, return: 2976208, repeated: 0

Process injection: Process 2056 resumed a thread in remote process 2140
Process injection: Process 2252 resumed a thread in remote process 2340

Time & API / Arguments / Status / Return / Repeated

NtResumeThread
  thread_handle: 0x00000208
  suspend_count: 1
  process_identifier: 2140
  status: 1, return: 0, repeated: 0

NtResumeThread
  thread_handle: 0x00000208
  suspend_count: 1
  process_identifier: 2340
  status: 1, return: 0, repeated: 0
Antivirus results

Vendor / Result
Lionic Trojan.Win32.GenCBL.4!c
CAT-QuickHeal Trojan.Ghanarava.1742853193cb6765
Skyhigh BehavesLike.Win32.RealProtect.fh
ALYac Zum.Razy.1
Cylance Unsafe
VIPRE Trojan.GenericKD.76023058
Sangfor Trojan.Win32.Gencbl.Vnig
CrowdStrike win/malicious_confidence_60% (W)
BitDefender Trojan.GenericKD.76023058
K7GW Trojan ( 005c40e51 )
K7AntiVirus Trojan ( 005c40e51 )
Arcabit Trojan.Generic.D4880512 [many]
VirIT Trojan.Win32.Genus.IHW
Symantec Trojan Horse
ESET-NOD32 a variant of Win32/GenCBL.FRW
Avast Win64:MalwareX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/GenCBL.e2a95cb6
MicroWorld-eScan Trojan.GenericKD.76023058
Rising Trojan.MalCert!1.101B3 (CLASSIC)
Emsisoft Trojan.GenericKD.76023058 (B)
TrendMicro Trojan.Win32.AMADEY.YXFCXZ
McAfeeD ti!493B897D1A54
Trapmine suspicious.low.ml.score
CTX exe.trojan.gencbl
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious SFX
FireEye Generic.mg.f0676528d1fc19da
Google Detected
Antiy-AVL GrayWare/Win32.Puwaders
Gridinsoft Ransom.Win32.Wacatac.sa
Microsoft Trojan:Win32/Etset!rfn
ViRobot Trojan.Win.Z.Agent.335469
GData Win32.Trojan.Agent.HS9404
Varist W64/ABTrojan.QVCK-1613
McAfee Artemis!F0676528D1FC
DeepInstinct MALICIOUS
VBA32 Trojan.BAT.KillFiles
Malwarebytes Malware.AI.4005561822
Ikarus Win32.Outbreak
Panda Trj/Chgt.AD
Zoner Trojan.Win32.85523
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXFCXZ
Tencent Win32.Trojan.Generic.Dnhl
Fortinet W32/PossibleThreat
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/GenCBL.FVL