Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 01:04
Swift_copy.exe
04.30 01:04
test.html
04.30 01:04
pusy.pdf.lnk
04.30 01:04
pussy.html
04.29 05:04
tomcaterror.bmpqoq
04.29 04:04
qoq.ps1
04.29 04:04
Important_Document.pdf...
04.29 04:04
dllbase64reverse.txt.exe
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...

Latest News
04.30 01:04
레퍼런스체크코리아, 커리어플랜과 전략적 ...
04.30 01:04
킹메이커, 약국 특화 마케팅으로 평균 매...
04.30 01:04
중국의 '은밀한 위협', 전기차 배터리가...
04.30 12:04
포유디지탈, 초록우산 울산지역본부 아동 ...
04.30 12:04
ISC Stormcast For Wedn...
04.30 12:04
'디지털 요새' 사이버 바티칸, 교황 선...
04.30 12:04
공중 전장 판도 바꿀 6세대 전투기 개발...
04.30 12:04
KAI, 정부추진 ‘6G 저궤도 위성통신...
04.30 12:04
민·관·군, 미래 첨단 무기체계 운용 ...
04.30 12:04
SKT 사용 삼성 임원, "유심 교체"…...

Summary | ZeroBOX

KoverV2_launch.exe

Gen1 Malicious Library UPX Anti_VM PE64 PE File OS Processor Check DLL

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 22, 2023, 3:43 p.m.	Jan. 22, 2023, 4:04 p.m.

Size	6.4MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`c536233b2a3d1b3684234d7a06e3c13b`
SHA256	`53baaf9bd0f49630860bb54752927876799f069250fba2856e76042353996013`
CRC32	`A770652B`
ssdeep	`196608:z8DGXkFICteErowCzlxZV3Gu5D4S26cBCS3dR4Gc1d:ABInEro/14S2HBwGcz`
Yara	OS_Processor_Check_Zero - OS Processor Check PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) UPX_Zero - UPX packed file

KoverV2_launch.exe "C:\Users\test22\AppData\Local\Temp\KoverV2_launch.exe"
2556
- KoverV2_launch.exe "C:\Users\test22\AppData\Local\Temp\KoverV2_launch.exe"
  2696

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 22, 2023, 3:36 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI25562\pywin32_system32\pywintypes310.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25562\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25562\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25562\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25562\python310.dll

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

APEX	Malicious
Cynet	Malicious (score: 100)
FireEye	Generic.mg.c536233b2a3d1b36
Gridinsoft	Ransom.Win64.Wacatac.oa!s1
Acronis	suspicious