Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

jhi_service.exe

Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 18, 2021, 10:38 p.m.	Nov. 18, 2021, 10:39 p.m.

Size	615.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`c4f6adc632029d6e2e7f84629dc6c22b`
SHA256	`fcc3962dd9c52586d108942dc2b3b5fba1ed3e667114ecb4640e6d0b6ea97376`
CRC32	`7343E569`
ssdeep	`12288:W8bRc2gBnnxW1CFeGNf2/o0zXFtoPaCvoYl4v+j1+smUqt+M:W8dRmnxzFeGNf2A4XFt6aCvoYl4q1+7`
PDB Path	D:\buildagent-cd_8811\workspace\11934\VisualStudio\bin\x64\Universal_Release\jhi_service.pdb
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\buildagent-cd_8811\workspace\11934\VisualStudio\bin\x64\Universal_Release\jhi_service.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA