Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Summary | ZeroBOX

questioneer-pdf.js

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 18, 2021, 9:59 a.m.	Oct. 18, 2021, 10:02 a.m.

Size	66.3KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`93b27733d5e46b676eca9cf990652070`
SHA256	`a799700b7e69cf25a7a59b29a10152e1f6daac91c00da3b54b655b69dd5f07be`
CRC32	`1AD67BCD`
ssdeep	`1536:xEBprfWyvKwuY7FuG3ysXlpkXYFjW1gTc5iJoyGpM/cwua2:xEBprfWyvKwd7FPysXlpkXYFjW1gTEyY`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\questioneer-pdf.js
2480

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (10 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 18, 2021, 9:59 a.m.	computer_name: TEST22-PC	1	1	0

Executes one or more WMI queries (5 events)

wmi	select * from win32_VideoController
wmi	select * from win32_ComputerSystemProduct
wmi	select * from win32_Processor
wmi	select * from win32_ComputerSystem
wmi	select * from win32_LogicalDisk

Executes one or more WMI queries which can be used to identify virtual machines (4 events)

wmi	select * from win32_Processor
wmi	select * from win32_LogicalDisk
wmi	select * from win32_ComputerSystemProduct
wmi	select * from win32_ComputerSystem

File has been identified by 15 AntiVirus engines on VirusTotal as malicious (15 events)

Lionic	Trojan.Script.Startup.4!c
Arcabit	Trojan.Generic.D2D02B51
Cyren	JS/Agent.AUK!Eldorado
Symantec	ISB.Downloader!gen52
TrendMicro-HouseCall	TROJ_FRS.VSNTJH21
Kaspersky	HEUR:Trojan.Script.Startup.gen
BitDefender	Trojan.GenericKD.47197009
MicroWorld-eScan	Trojan.GenericKD.47197009
Ad-Aware	Trojan.GenericKD.47197009
Comodo	.UnclassifiedMalware@0
FireEye	Trojan.GenericKD.47197009
Emsisoft	Trojan.GenericKD.47197009 (B)
MAX	malware (ai score=81)
Microsoft	Trojan:JS/Tnega.AL!MTB
GData	Trojan.GenericKD.47197009