Summary | ZeroBOX

d3

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started June 19, 2021, 9:08 a.m.
Completed June 19, 2021, 9:09 a.m.
Size 49.4KB
Type PE32 executable (native) Intel 80386, for MS Windows
MD5 cb34374f1b5fb771076872c6b14b7501
SHA256 e0afb8b937a5907fbe55a1d1cc7574e9304007ef33fa80ff3896e997a1beaf37
CRC32 AD160030
ssdeep 768:8WetQRPOQaniqkpY0O5w8dBxmT9yWU3jSPyyihNfVARbpn:8WXOQwi6wEBxmTSp3Epn
PDB Path G:\源码\hello\Release\netfilterdrv.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path G:\源码\hello\Release\netfilterdrv.pdb
section INIT
Sangfor Trojan.Win32.Retliften.A
Arcabit Rootkit.Agent.AJIH
ESET-NOD32 Win32/Agent.ADFG
BitDefender Rootkit.Agent.AJIH
MicroWorld-eScan Rootkit.Agent.AJIH
Rising Rootkit.Hijacker!1.D587 (CLASSIC)
Emsisoft Rootkit.Agent.AJIH (B)
MAX malware (ai score=85)
Microsoft Trojan:Win32/Retliften.A
AegisLab Trojan.Win32.Generic.4!c
GData Win32.Rootkit.Netfilter.O
McAfee Artemis!CB34374F1B5F
Webroot W32.Trojan.Gen