box.zero.camp (175.208.134.150) Public Scan

URL: https://box.zero.camp/report/15904
Submission: On April 19 via manual from MX — Scanned from DE


REPORT - NICEPROCESSX64.BMP

Tags: Malicious Packer, Malicious Library, PE64, PE File, OS Processor Check, DLL

Created: 2021.09.12 15:11
Machine: s1_win7_x6402
Filename: NiceProcessX64.bmp
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: 4
Behavior Score: 2.8
ZERO API file: malware
VT API (file): 11 detected (Cerbu, malicious, Static AI, Suspicious PE, Androm, susgen, Wacatac, score, Artemis)
md5: 3f22bd82ee1b38f439e6354c60126d6d
sha256: 265c2ddc8a21e6fa8dfaa38ef0e77df8a2e98273a1abfb575aef93c0cc8ee96a
ssdeep: 6144:ej4R3H20xSWLE2Sgct82tCOcfX+A5yF17s:ejcG72Et8Vf81
imphash: 0056da32d722449e0387cffcb345ecd5
impfuzzy: 24:aH8zx9lGDqTa702tRXCBgdlJnc+pl39/Oo+hvcGM1SOovbO9Z/8:aQpmPtRXCBg9c+ppopm3A

  No network connection information



SIGNATURE (7CNTS)

Level    Description
watch    File has been identified by 11 AntiVirus engines on VirusTotal as malicious
notice   A process attempted to delay the analysis task.
notice   Creates executable files on the filesystem
notice   Expresses interest in specific running processes
notice   Repeatedly searches for a not-found process
notice   Searches running processes potentially to identify processes for sandbox evasion
info     The executable contains unknown PE section names indicative of a packer (could be a false positive)


RULES (11CNTS)

Level  Name                     Description         Collection
watch  Malicious_Library_Zero   Malicious_Library   binaries (download)
watch  Malicious_Library_Zero   Malicious_Library   binaries (upload)
watch  Malicious_Packer_Zero    Malicious Packer    binaries (download)
watch  Malicious_Packer_Zero    Malicious Packer    binaries (upload)
info   IsDLL                    (no description)    binaries (download)
info   IsPE64                   (no description)    binaries (download)
info   IsPE64                   (no description)    binaries (upload)
info   OS_Processor_Check_Zero  OS Processor Check  binaries (download)
info   OS_Processor_Check_Zero  OS Processor Check  binaries (upload)
info   PE_Header_Zero           PE File Signature   binaries (download)
info   PE_Header_Zero           PE File Signature   binaries (upload)


NETWORK (0CNTS)

Request  CC  ASN  Co  IP4  Rule  ZERO
(no entries)


SURICATA IDS

(no entries)


PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x140019000 Process32First
 0x140019008 WriteProcessMemory
 0x140019010 SetPriorityClass
 0x140019018 GetCurrentProcess
 0x140019020 TerminateProcess
 0x140019028 GetModuleHandleA
 0x140019030 OpenProcess
 0x140019038 CreateToolhelp32Snapshot
 0x140019040 Sleep
 0x140019048 GetTempPathA
 0x140019050 K32GetModuleFileNameExA
 0x140019058 Process32Next
 0x140019060 CloseHandle
 0x140019068 GetProcAddress
 0x140019070 VirtualAllocEx
 0x140019078 GetCurrentProcessId
 0x140019080 CreateRemoteThread
 0x140019088 K32EnumProcessModules
 0x140019090 WriteConsoleW
 0x140019098 RtlCaptureContext
 0x1400190a0 RtlLookupFunctionEntry
 0x1400190a8 RtlVirtualUnwind
 0x1400190b0 UnhandledExceptionFilter
 0x1400190b8 SetUnhandledExceptionFilter
 0x1400190c0 IsProcessorFeaturePresent
 0x1400190c8 IsDebuggerPresent
 0x1400190d0 GetStartupInfoW
 0x1400190d8 GetModuleHandleW
 0x1400190e0 QueryPerformanceCounter
 0x1400190e8 GetCurrentThreadId
 0x1400190f0 GetSystemTimeAsFileTime
 0x1400190f8 InitializeSListHead
 0x140019100 RtlUnwindEx
 0x140019108 RtlPcToFileHeader
 0x140019110 RaiseException
 0x140019118 GetLastError
 0x140019120 SetLastError
 0x140019128 EnterCriticalSection
 0x140019130 LeaveCriticalSection
 0x140019138 DeleteCriticalSection
 0x140019140 InitializeCriticalSectionAndSpinCount
 0x140019148 TlsAlloc
 0x140019150 TlsGetValue
 0x140019158 TlsSetValue
 0x140019160 TlsFree
 0x140019168 FreeLibrary
 0x140019170 LoadLibraryExW
 0x140019178 EncodePointer
 0x140019180 ExitProcess
 0x140019188 GetModuleHandleExW
 0x140019190 GetModuleFileNameW
 0x140019198 GetStdHandle
 0x1400191a0 WriteFile
 0x1400191a8 HeapFree
 0x1400191b0 HeapAlloc
 0x1400191b8 GetFileType
 0x1400191c0 GetConsoleOutputCP
 0x1400191c8 GetConsoleMode
 0x1400191d0 GetFileSizeEx
 0x1400191d8 SetFilePointerEx
 0x1400191e0 FindClose
 0x1400191e8 FindFirstFileExW
 0x1400191f0 FindNextFileW
 0x1400191f8 IsValidCodePage
 0x140019200 GetACP
 0x140019208 GetOEMCP
 0x140019210 GetCPInfo
 0x140019218 GetCommandLineA
 0x140019220 GetCommandLineW
 0x140019228 MultiByteToWideChar
 0x140019230 WideCharToMultiByte
 0x140019238 GetEnvironmentStringsW
 0x140019240 FreeEnvironmentStringsW
 0x140019248 LCMapStringW
 0x140019250 GetProcessHeap
 0x140019258 SetStdHandle
 0x140019260 GetStringTypeW
 0x140019268 CreateFileW
 0x140019270 FlushFileBuffers
 0x140019278 ReadFile
 0x140019280 ReadConsoleW
 0x140019288 HeapSize
 0x140019290 HeapReAlloc
 0x140019298 SetEndOfFile

EAT (Export Address Table): none



SIMILARITY MEASURE (PE FILE ONLY)

(no data shown)

Version 1.0.0

Copyright © ZeroBOX All rights reserved.