Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.09 10:09
vjgg.exe
09.09 10:09
lnef.exe
09.09 10:09
1.exe
09.09 10:09
oclo.exe
09.09 10:09
pclient.exe
09.09 10:09
lemon.exe
09.09 10:09
responsibilityleadpro.exe
09.09 09:09
Twitch x Loot Lab Even...
09.09 09:09
66dcad8f5f33a_crypted.exe
09.09 09:09
sgf.exe

Latest News
09.09 02:09
오내피플 ‘캐치시큐’, 중소기업기술마켓 ...
09.09 02:09
한국인터넷진흥원, ‘2024 제6차 K-...
09.09 02:09
가상자산 지갑주소 및 트랜잭션 데이터셋 ...
09.09 02:09
국정원, CSK 2024서 주요 사이버안...
09.09 02:09
Mainframe Chip has 360...
09.09 01:09
U.S. Offers $10 Millio...
09.09 01:09
밸롭·웨이든, 24FW 뉴 컬렉션 런칭에...
09.09 01:09
플로리아, 층간소음매트부문 '2024년 ...
09.09 01:09
웹 예능 '기억을 잊는 밤' 누적 조회수...
09.09 01:09
한국장학진흥원, 심리상담사 자격증 24종...

Summary | ZeroBOX

index.jar

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 9, 2021, 9:50 a.m.	July 9, 2021, 10:02 a.m.

Size	179.4KB
Type	Zip archive data, at least v2.0 to extract
MD5	`a53c10a1311d5e77559b0d3a23e24488`
SHA256	`1a33f3131e502de66b9266f3474e0c71b420f6619671e0414cc3b30e93f28bd6`
CRC32	`DC27DD51`
ssdeep	`3072:JrGOdWMxmjIK12v3BuRAtVhahkxRCnPOBP43PyRJQfZb1f2FSsxEJW:JrZdWQmcK8v3BuRCxRCPOBP2fZROQW`
Yara	None matched

java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\test22\AppData\Local\Temp\index.jar
2212

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 9, 2021, 9:50 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 9, 2021, 9:50 a.m.	process_identifier: 2212 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002430000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 9 AntiVirus engines on VirusTotal as malicious (9 events)

Alibaba	Trojan:JS/Banload.7511d5eb
Cyren	JS/Agent.AUY
Kaspersky	Trojan.JS.Agent.eiw
NANO-Antivirus	Trojan.Script.Heuristic-js.iacgm
McAfee-GW-Edition	BehavesLike.Downloader.cc
Avira	EXP/JAVA.Banload.MRAF.Gen
ZoneAlarm	Trojan.JS.Agent.eiw
Cynet	Malicious (score: 99)
McAfee	Artemis!A53C10A1311D

A potential heapspray has been detected. 873 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3493

name

heapspray

process

java.exe

total_mb

873

length

262144

protection

PAGE_READWRITE