Summary | ZeroBOX

po_6645.com

Category: FILE
Machine: s1_win7_x6402
Started: March 9, 2021, 1:37 p.m.
Completed: March 9, 2021, 1:40 p.m.
Size: 116.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: f0246040c945b8e79195c661cd537599
SHA256: 9e3e2e994da639ae3c38a0115b782b7687fa12fcb4b8282871372cda5418947a
CRC32: D11EB28F
ssdeep: 1536:glddl141X8kUAOuqPSa4BgaBp9MgojZ3jz:oUz1TGgotH
Yara
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasRichSignature - Rich Signature Check
  • PE_Header_Zero - PE File Signature Zero

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses contacted: 172.217.25.14 (Status: Active)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Status / Return / Repeated):

NtProtectVirtualMemory (Status: 1, Return: 0, Repeated: 0)
  process_identifier: 656
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73772000
  process_handle: 0xffffffff

NtAllocateVirtualMemory (Status: 1, Return: 0, Repeated: 0)
  process_identifier: 656
  region_size: 98304
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x004b0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
API calls (Status / Return / Repeated):

NtProtectVirtualMemory (Status: 1, Return: 0, Repeated: 0)
  process_identifier: 656
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 24576
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x003e0000
  process_handle: 0xffffffff

Host: 172.217.25.14

Antivirus detections (vendor, result):
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader37.22484
MicroWorld-eScan Trojan.GenericKD.45836084
FireEye Generic.mg.f0246040c945b8e7
ALYac Trojan.GenericKD.45836084
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (W)
Alibaba Trojan:Win32/Injector.df59a783
K7GW Trojan ( 00578d121 )
K7AntiVirus Trojan ( 00578d121 )
BitDefenderTheta Gen:NN.ZevbaF.34608.hm0@aKEP!Ghi
Cyren W32/VB.OLPI-3948
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EOTW
APEX Malicious
ClamAV Win.Malware.Generic-9839054-0
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.45836084
Avast Win32:Malware-gen
Ad-Aware Trojan.GenericKD.45836084
Emsisoft Trojan.GenericKD.45836084 (B)
F-Secure Trojan.TR/AD.VBCryptor.cnzao
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Fareit.cz
Sophos Mal/Generic-S
Ikarus Trojan.VB.Crypt
Webroot W32.Trojan.TR.AD.VBCryptor.cnza
Avira TR/AD.VBCryptor.cnzao
Microsoft Trojan:MSIL/Cryptor
Arcabit Trojan.Generic.D2BB6734
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan-Downloader.GuLoader.3B6FP8
Cynet Malicious (score: 90)
AhnLab-V3 Win-Trojan/VBKrand.Gen
McAfee Artemis!F0246040C945
MAX malware (ai score=80)
Malwarebytes Trojan.Injector
TrendMicro-HouseCall TROJ_GEN.F0D1C00C521
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/EOTW!tr
AVG Win32:Malware-gen
Panda Trj/RnkBend.A
Qihoo-360 Win32/Heur.Generic.HwMAsaIA