Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

fontdrvhost.exe

Gen1 Malicious Library UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 18, 2021, 10:32 p.m.	Nov. 18, 2021, 10:33 p.m.

Size	659.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`24e31b259b9acb714b925d0830504123`
SHA256	`45b8da33889982e8f93b9409b1f02e4ba063eb72f88c5ee67810ae02a53ec18e`
CRC32	`50EE4BB4`
ssdeep	`12288:oAs1/GlNIu89oY6zUmb3fQ7yIvJS++/kFX9xVf5qPBaX10bxS:oAs1/GpFp3omUS++/U2`
PDB Path	fontdrvhost.pdb
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

fontdrvhost.pdb