Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

x4pq7mWBd1EoIa.php

Emotet UPX OS Processor Check PE File PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 1, 2021, 3:14 p.m.	July 1, 2021, 3:16 p.m.

Size	345.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b10f6a5dc20e493d684999d006b53bbe`
SHA256	`417abd1c1db6a5df3a86924f2263a684b58527dfbbada584ba3360f2c5462dfa`
CRC32	`56F8DF18`
ssdeep	`3072:v/dQgxFOpFsXb/RKzdngh/oa+LN5j7TKqrSfdImTzDAaZtCn/vg/1o:v19x3DRKzQ/orL7j51QzDTUnHgm`
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.text3
section	.text2

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14