Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

d6

PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 29, 2021, 10:42 a.m.	June 29, 2021, 10:42 a.m.

Size	55.9KB
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`530f12f8058199964d0b41f1856185ec`
SHA256	`bbc58fd69ce5fed6691dd8d2084e9b728add808ffd5ea8b42ac284b686f77d9a`
CRC32	`CFF49F34`
ssdeep	`768:01ZqCQKy8IYdfWiUelR36ihR6nmRYsn5jS/OPNi7SbpG:0Nyq+4lRX6IHnsOVi7so`
PDB Path	G:\æºç \hello\x64\Release\netfilterdrv.pdb
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

G:\æºç \hello\x64\Release\netfilterdrv.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

INIT

File has been identified by 38 AntiVirus engines on VirusTotal as malicious (38 events)

DrWeb	Trojan.NtRootKit.20205
MicroWorld-eScan	Trojan.GenericKD.46500455
CAT-QuickHeal	Trojan.Agent
McAfee	Generic .md
Zillya	Trojan.Agent.Win64.8005
Arcabit	Trojan.Generic.D2C58A67
Cyren	W64/Retliften.A.gen!Eldorado
Symantec	Trojan.Malfilter
ESET-NOD32	Win64/Agent.AOD
Kaspersky	HEUR:Trojan.Win64.MalDrv.gen
BitDefender	Trojan.GenericKD.46500455
Paloalto	generic.ml
ViRobot	Trojan.Win64.S.Agent.57216
Rising	Rootkit.Hijacker!1.D587 (CLASSIC)
Emsisoft	Trojan.GenericKD.46500455 (B)
Comodo	Malware@#2ttyxjwlgynhm
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Rootkit.Win64.FETNILTER.A
McAfee-GW-Edition	Generic trojan.md
Sophos	Mal/Generic-R + Troj/Rootkit-MX
Ikarus	Trojan.Retliften
Jiangmin	Trojan.MalDrv.c
Webroot	W32.Trojan.Gen
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Generic.ASMalwS.33A09D4
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win64/Retliften.A
AegisLab	Trojan.Win32.Generic.4!c
GData	Win64.Rootkit.Netfilter.N
AhnLab-V3	Trojan/Win.Retliften.R428224
ALYac	Trojan.Rootkit.Agent
VBA32	Trojan.NtRootKit
Cylance	Unsafe
TrendMicro-HouseCall	Rootkit.Win64.FETNILTER.A
Tencent	Win64.Rootkit.Guntior.Izxv
Fortinet	W64/Agent.AOD!tr
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.119083129.susgen