Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 01:09
재능넷, AI 기반 시각화 전문 지식 서...
09.20 01:09
[PASCON 2024-영상] 카스퍼스키...
09.20 01:09
2024-09-19 UNC1860 Ira...
09.20 01:09
Nvidia Teams Up With A...
09.20 12:09
[PASCON 2024-영상] 펜타린크 ...
09.20 11:09
ISC Stormcast For Frid...
09.20 11:09
2024-09-18 SAMBASPY Ja...
09.20 11:09
구립신내노인종합복지관, 지역사회와 함께 ...
09.20 11:09
자동차 부품 제조업체 쉽딱, '트리플X2...
09.20 11:09
[PASCON 2024-영상] 라온시큐어...

Summary | ZeroBOX

AdobeUpdate.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 17, 2022, 1:32 p.m.	Jan. 17, 2022, 1:34 p.m.

Size	2.4MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`aee35c2dc70abe1732fc4fc593aa6e37`
SHA256	`5847c9caee588bf5b3c9c710cd8f12aabed088becea48b79637c73732948feac`
CRC32	`64C9C312`
ssdeep	`24576:HYng7x1WeZkcJ5os5hej4Rlk4rwla/b9kD5sOz/fl8drNy:HYgtEDiCswPla6mhy`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

AdobeUpdate.exe "C:\Users\test22\AppData\Local\Temp\AdobeUpdate.exe"
2336
- Adobe-Update.exe
  2416

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

None

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\11\Adobe-Update.exe

File has been identified by 9 AntiVirus engines on VirusTotal as malicious (9 events)

McAfee	Artemis!AEE35C2DC70A
Cylance	Unsafe
ESET-NOD32	a variant of Win64/Agent.NE
Paloalto	generic.ml
Cynet	Malicious (score: 100)
McAfee-GW-Edition	Artemis!Trojan
Gridinsoft	SUSP.Double_Encoded.bot!yf
Microsoft	Trojan:Script/Wacatac.B!ml
Rising	Trojan.Agent!8.B1E (CLOUD)

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\11\Adobe-Update.exe