Summary | ZeroBOX

zal.exe

Generic Malware Malicious Library UPX MZP Format PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started May 1, 2025, 9:59 a.m.
Completed May 1, 2025, 10:04 a.m.
Size 242.6KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 d73c8c5b1187959d8d1409b2f359d2f9
SHA256 3dc7912dfcb7657ebde9066d0bd5de54db334b5d2fa655acce752ecd498d4748
CRC32 C70B88EA
ssdeep 6144:5s3Zu8C89io10Am8sSWMwuKU7psi2jFkmGgCX/2J:y840bNXBpU7nvmhlJ
Yara
  • PE_Header_Zero - PE File Signature
  • mzp_file_format - MZP(Delphi) file format
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: REG
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\Windows\Fonts\smss.exe"
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: del
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: ""C:\Windows\Fonts\1.bat""
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: nul
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: The batch file cannot be found.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

buffer: The operation completed successfully.
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935446016
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
file C:\Windows\Fonts\smss.exe
file C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
file C:\Windows\Fonts\1.bat
file C:\Windows\Fonts\1.bat
file C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
file C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
file C:\Users\test22\AppData\Local\Temp\zal.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
parameters: "C:\Users\test22\AppData\Local\Temp\zal.exe"
filepath: C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
1 1 0
section UPX1 (size_of_data 0x0000e600, virtual_address 0x00a21000, virtual_size 0x0000f000, entropy 7.859132015936393) entropy 7.85913201594 description A section with a high entropy has been found
entropy 0.642458100559 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
cmdline REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\Windows\Fonts\smss.exe"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger reg_value C:\Windows\Fonts\smss.exe
file C:\Windows\Fonts\1.bat
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Fsysna.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Ghanarava.168548223259d2f9
Skyhigh BehavesLike.Win32.Dropper.dc
ALYac Gen:Trojan.Malware.pmJfaug8CimO
Cylance Unsafe
VIPRE Gen:Trojan.Malware.pmJfaug8CimO
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Trojan.Malware.pmJfaug8CimO
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Arcabit Trojan.Malware.pmJfaug8CimO
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Generik.MSKKII
APEX Malicious
Avast Win32:Dh-A [Heur]
Kaspersky Trojan.Win32.Fsysna.hlqe
Alibaba Trojan:Win32/Fsysna.9730d8b1
MicroWorld-eScan Gen:Trojan.Malware.pmJfaug8CimO
Rising Trojan.Fsysna!8.5F2 (CLOUD)
Emsisoft Gen:Trojan.Malware.pmJfaug8CimO (B)
Zillya Trojan.Heur2.Win32.491
McAfeeD Real Protect-LS!D73C8C5B1187
Trapmine malicious.high.ml.score
CTX exe.trojan.pmjfaug8cimo
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Google Detected
Antiy-AVL Trojan/Win32.Agent
Gridinsoft Trojan.Win32.CoinMiner.oa!s2
Microsoft PWS:Win32/Zbot!ml
GData Gen:Trojan.Malware.pmJfaug8CimO
AhnLab-V3 Trojan/Win32.Fsysna.C4320496
McAfee GenericRXAA-AA!D73C8C5B1187
DeepInstinct MALICIOUS
VBA32 Trojan.Win64.Miner
Malwarebytes Generic.Trojan.Malicious.DDS
Ikarus Trojan-Downloader.FraudLoa.ZF
Panda Trj/CI.A
Tencent Malware.Win32.Gencirc.10bda3c2
Yandex Trojan.Fsysna!tti2CG9oN9M
MaxSecure Trojan.Malware.103916461.susgen
Fortinet W32/PossibleThreat
AVG Win32:Dh-A [Heur]
alibabacloud Trojan:Win/Fsysna.hfyk