Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...

Summary | ZeroBOX

0beU0RimJUAeIPysjPIQLhgYSowUv3.exe

Gen1

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 22, 2021, 5:13 p.m.	April 22, 2021, 5:15 p.m.

Size	557.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`80a193b93598109aea05d7a9008358bb`
SHA256	`0941090d3eb785dbf88fbfafffad34c4ab42877b279129616a455347883e5738`
CRC32	`085D9FF9`
ssdeep	`12288:/dVY7kNHvbyVfbWWbyHjaSabybbybvkbleb:/k7kNHvbyVfbWWbyHjaSabybbybvkbl2`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen inject_thread - Code injection with CreateRemoteThread in a remote process screenshot - Take screenshot keylogger - Run a keylogger win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token win_private_profile - Affect private profile win_files_operation - Affect private profile PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	o
section	.rdata3
section	.rdata2

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Mint.Zamg.O
FireEye	Generic.mg.80a193b93598109a
CAT-QuickHeal	Trojan.Qshell
McAfee	W32/PinkSbot-HJ!80A193B93598
Cylance	Unsafe
Zillya	Trojan.Qshell.Win32.157
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Qshell.10c01071
K7GW	Trojan ( 00577e2d1 )
K7AntiVirus	Trojan ( 00577e2d1 )
Cyren	W32/Kryptik.CYJ.gen!Eldorado
ESET-NOD32	a variant of Win32/Kryptik.HIUI
APEX	Malicious
Paloalto	generic.ml
BitDefender	Trojan.Mint.Zamg.O
NANO-Antivirus	Trojan.Win32.Qshell.ihrzye
AegisLab	Hacktool.Win32.Krap.lKMc
Ad-Aware	Trojan.Mint.Zamg.O
Emsisoft	Trojan.Mint.Zamg.O (B)
Comodo	Malware@#2zq7bfdl0l3sh
DrWeb	Trojan.Chanitor.59
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_FRS.0NA103AD21
McAfee-GW-Edition	BehavesLike.Win32.Dropper.hm
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
GData	Trojan.Mint.Zamg.O
Webroot	W32.Trojan.Gen
Avira	TR/AD.ZDlder.akxqr
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft	Trojan.Heur!.02006020
Arcabit	Trojan.Mint.Zamg.O
ViRobot	Trojan.Win32.S.Agent.570368.AM
Microsoft	Trojan:Win32/Hancitor.ARK!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4298491
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZedlaF.34678.IG8@am315Oni
ALYac	Trojan.Agent.Hancitor
VBA32	Trojan.Wacatac
Malwarebytes	Trojan.Chanitor
TrendMicro-HouseCall	TROJ_FRS.0NA103AD21
Tencent	Malware.Win32.Gencirc.10ce311d
Yandex	Trojan.Qshell!9fP8wkYFOl0
MAX	malware (ai score=85)
MaxSecure	Trojan.Malware.112112997.susgen
Fortinet	W32/GenKryptik.EZVZ!tr