Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
08.01 03:08
lasjdflakdsjf.pdf.exe
08.01 03:08
Microsoft_AntiSpam_Ext...
08.01 03:08
hacrvidth vibev.exe
08.01 02:08
vhcrvdh iobv.exe
08.01 02:08
faultrep2.dll
08.01 02:08
faultrep.dll
08.01 02:08
MichelinNight.lnk
08.01 02:08
【算法工程师】李子豪.lnk
08.01 11:08
random.exe
08.01 11:08
dz.js

Latest News
08.02 04:08
Fraud in the Travel In...
08.02 04:08
Apagão Cibernético pod...
08.02 04:08
SENIX Security ’23 – H...
08.02 04:08
Atos slides deeper int...
08.02 04:08
Randall Munroe’s XKCD ...
08.02 04:08
USENIX Security ’23 – ...
08.02 03:08
He Was an FBI Informan...
08.02 03:08
A $500 Open Source Too...
08.02 03:08
Why SAFE. Why Now.
08.02 03:08
What is dynamic applic...

Summary | ZeroBOX

ster.exe

OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 7, 2021, 11:32 a.m.	May 7, 2021, 11:45 a.m.

Size	261.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`5cef87c65c9a2545eb8c9151a5fa1e1d`
SHA256	`9088e5ed27f14a67077827ca9ec4bf6cfa24b4ec669d253e593a1a2d0c66b9da`
CRC32	`EF47F10E`
ssdeep	`6144:obpjhQX5nE8CBatjBq2PkD+rXpAF7TCc4QWoE/rzcPzny:0jGE8CBejtkD+r5Pdrzcu`
Yara	IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check PE_Header_Zero - PE File Signature

ster.exe "C:\Users\test22\AppData\Local\Temp\ster.exe"
2256

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA May 7, 2021, 11:32 a.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	tdata
section	mdata
section	wdata

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

CrowdStrike	win/malicious_confidence_60% (W)
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware
McAfee-GW-Edition	Artemis!Trojan
Webroot	W32.Malware.Gen
Kingsoft	Win32.Troj.Undef.(kcloud)
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Casdet!rfn
McAfee	Artemis!5CEF87C65C9A
Rising	Trojan.Casdet!8.FAA9 (CLOUD)
AVG	FileRepMalware
Cybereason	malicious.456130

A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations. (1 event)

Time & API	Arguments	Status	Return	Repeated
CryptHashData May 7, 2021, 11:32 a.m.	buffer: 01ca0431 fdb0c77c.01ca0431 fec9a6f8.TEST22-PC.7c6024ad hash_handle: 0x00000000003af870 flags: 0	1	1	0