Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

steammaa.dll

Generic Malware PE32 .NET DLL PE File DLL

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 17, 2021, 5:52 p.m.	Aug. 17, 2021, 5:53 p.m.

Size	33.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`edd1183d9e947e35574ae65441444e99`
SHA256	`d149bb81c4bddbfea0438ed0f9af3072f3fad4498db09fe7ead79bbdab62b4cf`
CRC32	`BBAB2B0E`
ssdeep	`384:PEGQXMrMUXDiXb8nyCFgrws+DnuA2qrFcwaT6YmPVhqfXqlvm0Et:8GFrMUXDirDCqrw9Dn9cB1T/qlvm0Et`
PDB Path	c:\users\cyber\documents\visual studio 2012\Projects\steammaa\steammaa\obj\Debug\steammaa.pdb
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description) IsDLL - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\users\cyber\documents\visual studio 2012\Projects\steammaa\steammaa\obj\Debug\steammaa.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sdata

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)

ESET-NOD32	a variant of MSIL/Injector.OBE
Avira	HEUR/AGEN.1143872
Cynet	Malicious (score: 99)