Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 02:11
보안기업 S2W 등 국내외 주요 IT기업...
11.14 02:11
한국치유농업협회, ‘2024 경기 반려식...
11.14 02:11
모니터랩, 제 12회 통합 애플리케이션 ...
11.14 02:11
2024년 전자문서산업 실태조사 공표예정...
11.14 02:11
펜타시큐리티, 두바이에서 중동 사이버보안...
11.14 02:11
금융보안원, 금융권 SW공급망 보안 자율...
11.14 02:11
IBM, 양자 컴퓨팅 성능 혁신…새로운 ...
11.14 02:11
“2025년, 사이버 공격과 보안 부문에...
11.14 02:11
Singapore Tech Firm Ci...
11.14 01:11
루미온트러스트, 넥스트에라 에너지와 친환...

Summary | ZeroBOX

9663.exe

OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 7, 2021, 11:07 a.m.	July 7, 2021, 11:14 a.m.

Size	1.2MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`de57b50ddeb32383574874af224b2a98`
SHA256	`25e3873adf19d7e8ba42b472322dbafdfc21d55a2119b81ad9728d6e8e2b0e7b`
CRC32	`A369E0E2`
ssdeep	`24576:56SPF9sLegqTaCM1i/7umo6o3pRk11CvLs4pKyJUa1:5AeaCMySM1a`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check

9663.exe "C:\Users\test22\AppData\Local\Temp\9663.exe"
7132

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 7, 2021, 10:59 a.m.	process_identifier: 7132 region_size: 319488 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800	0
NtAllocateVirtualMemory July 7, 2021, 10:59 a.m.	process_identifier: 7132 region_size: 319488 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

A process attempted to delay the analysis task. (1 event)

description

9663.exe tried to sleep 419 seconds, actually delayed analysis time by 114 seconds

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)

McAfee	Artemis!DE57B50DDEB3
Cybereason	malicious.a8cfbb
Symantec	Trojan.Gen.2
Kaspersky	UDS:Trojan.Win64.CozyDuke
Avast	Win64:DangerousSig [Trj]
DrWeb	Trojan.Siggen14.1783
McAfee-GW-Edition	Artemis!Trojan
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Sabsik.FT.A!ml
AVG	Win64:DangerousSig [Trj]
Qihoo-360	Win64/Trojan.Generic.HgEASX8A