Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.20 08:11
6 Common Persistence M...
11.20 07:11
Zimperium Predicts Dat...
11.20 07:11
Black Friday season ha...
11.20 07:11
Ghost Tap: New cash-ou...
11.20 07:11
AI Granny Daisy takes ...
11.20 07:11
heise-Angebot: heise s...
11.20 07:11
Google Chrome: Schwach...
11.20 07:11
Apple Safari, iOS, iPa...
11.20 07:11
[UPDATE] [mittel] Pyth...
11.20 07:11
[UPDATE] [mittel] Open...

Summary | ZeroBOX

dchcfg64.exe

Gen1 Generic Malware Malicious Library Malicious Packer PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 11, 2021, 8:34 p.m.	Nov. 11, 2021, 8:34 p.m.

Size	418.7KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`beaf031df22943effaa894d980b9eade`
SHA256	`eb4e08802267ace97a0687c7776e857686408820eace05a130c67f9b25d670d3`
CRC32	`35025E14`
ssdeep	`6144:04jeeUBzxSogbMaQrhu9Ixm/pTrTVaE3fOUOhubmT5NZjPWQ4QSzBIu8fe:NjeeUBzxz9gtp1vbSSh8m`
PDB Path	C:\Jenkins_Clients\workspace\Dell_Command_Monitor_9.1_Disney\BUILD_WIN64\HAPI-prefix\src\HAPI-build\out\RelWithDebInfo\dchcfg64.pdb
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Jenkins_Clients\workspace\Dell_Command_Monitor_9.1_Disney\BUILD_WIN64\HAPI-prefix\src\HAPI-build\out\RelWithDebInfo\dchcfg64.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

text