Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

046cb520.exe

Gen1

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 21, 2021, 11:28 p.m.	April 21, 2021, 11:28 p.m.

Size	61.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e814f38a7158bfc8fe36004e2b9f1fd`
SHA256	`023b9912da1614f16e741a7f815ed77c470fb4c6b4e9333ddbfed8b709bfabf3`
CRC32	`D1C158F4`
ssdeep	`768:imhUF2G6QzkiT5vYTbKgkXDbmekehR8bSEln5IyYpamDjobj8Sj:igvw4ZKm0hREln5IUmDjoX`
PDB Path	rundll32.pdb
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen win_mutex - Create or check mutex Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

rundll32.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MUI

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)

Sophos	ML/PE-A
FireEye	Generic.mg.3e814f38a7158bfc
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_100%
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (D)