Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.15 09:11
DoorDash Wants to Give...
11.15 09:11
Homebrew pH Meter Uses...
11.15 09:11
France’s Proparco Anch...
11.15 09:11
Vietnamese Hacker Grou...
11.15 08:11
Alibaba Sales Disappoi...
11.15 08:11
BofA Strategists Say B...
11.15 08:11
Chinese SilkSpecter Ha...
11.15 08:11
Dark Web Profile: Cade...
11.15 08:11
Trump’s Anti-Regulatio...
11.15 08:11
체크멀, ‘2024 대한민국 디지털 이노...

Summary | ZeroBOX

out3.pdf

PDF

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 9, 2021, 7:06 p.m.	Aug. 9, 2021, 7:08 p.m.

Size	650.9KB
Type	PDF document, version 1.6
MD5	`439fa869bda56295a034ecc758acac1c`
SHA256	`2bb11fa56a131758f8a75a6ffa14b7f608cf5e689c82c4fe73a06d83e3645e4a`
CRC32	`2B5FDD40`
ssdeep	`12288:VJnHVyG8/taoHmkezI2PG+D7cLM8tfwaXJqlzpFAu:Xx8Eca`
Yara	PDF_Format_Z - PDF Format

AcroRd32.exe "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" C:\Users\test22\AppData\Local\Temp\out3.pdf
564
- Adobe_Updater.exe "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US
  1544
- Adobe_Updater.exe "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US
  2972
explorer.exe C:\Windows\Explorer.EXE
1180

Name	Response	Post-Analysis Lookup
swupmf.adobe.com	CNAME ssl.adobe.com.edgekey.net CNAME e4578.dscb.akamaiedge.net A 23.212.12.57	104.109.240.143

IP Address	Status	Action
164.124.101.2	Active	Moloch
23.212.12.57	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 9, 2021, 7:06 p.m.		1	1	0

Performs some HTTP requests (2 events)

request	GET http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd
request	GET http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd

One or more non-whitelisted processes were created (2 events)

parent_process	acrord32.exe				martian_process	"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US
parent_process	acrord32.exe				martian_process	"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US