Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

admin.php

OS Processor Check PE32 PE File DLL

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 14, 2021, 2:18 p.m.	Sept. 14, 2021, 2:19 p.m.

Size	32.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`dcbcd8c4fcdd17079caa96f80be4dd04`
SHA256	`0bd512e81a4bf69155b9914b33aba5549cc61e3f5571da1810d99ceeda69b7ce`
CRC32	`5B73583E`
ssdeep	`768:lw5WvEXtn8qE2DmtylSJFEl4d/z/SbYZZRRMBe9TmzbXI20A:q5WvEdny2Dm8EJUchwzB1`
PDB Path	D:\PCC2021\ioc\word_malware\fontmgr\Release\fontmgr.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\PCC2021\ioc\word_malware\fontmgr\Release\fontmgr.pdb

File has been identified by 15 AntiVirus engines on VirusTotal as malicious (15 events)

Bkav	W32.AIDetect.malware2
Alibaba	TrojanDownloader:Win32/PsDownload.b2df3262
ESET-NOD32	a variant of Generik.KNMGHYR
Paloalto	generic.ml
Kaspersky	Trojan-Downloader.Win32.PsDownload.jpl
Avast	Win32:Trojan-gen
McAfee-GW-Edition	Artemis
Sophos	Mal/Generic-S
Ikarus	Trojan.SuspectCRC
Avira	TR/Dldr.Agent.skkoc
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win.Generic.C4630742
McAfee	Artemis!DCBCD8C4FCDD
Fortinet	W32/PsDownload.KNMGHYR!tr
AVG	Win32:Trojan-gen