Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 02:11
Unraveling Raspberry R...
11.20 02:11
China’s Alibaba Market...
11.20 02:11
Intuit and H&amp;R...
11.20 02:11
Looking at the Interna...
11.20 01:11
The Vecdec Cyberdeck i...
11.20 01:11
Break Up Google? What’...
11.20 01:11
China’s CATL in Early ...
11.20 01:11
Thoma Bravo’s SailPoin...
11.20 01:11
Tiger-Backed Kong Valu...
11.20 01:11
Zscaler launches Zero ...

Summary | ZeroBOX

HelpPane.exe

Gen1 Malicious Library UPX Malicious Packer PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 11, 2021, 8:08 p.m.	Nov. 11, 2021, 8:08 p.m.

Size	1.0MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`7e8faec2e175c8b45b6d380a6a4c9503`
SHA256	`42c2c94edf6f5e2e75556f455039cacd8a23bc825e8beef864b8572c3007db5a`
CRC32	`EB1219B2`
ssdeep	`12288:DGrARa7TAPZfMiuU9YAioFOVdgnFoA7aXKPXPiXuHNHGb6bH/zx/GCLW/nh/X:DBwmZ33qAioFmymA7`
PDB Path	helppane.pdb
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

helppane.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (3 events)

resource name	MUI
resource name	REGISTRY
resource name	TYPELIB