Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 05:11
Microsoft launches ‘Ze...
11.20 05:11
Bipartisan Senate bill...
11.20 04:11
Google DeGoogled, Hamm...
11.20 04:11
Google Chrome security...
11.20 04:11
Rail and pipeline repr...
11.20 04:11
SGS to Accelerate Grow...
11.20 04:11
New TSA cyber rules le...
11.20 04:11
Salesforce Plans Layof...
11.20 04:11
마이크로소프트, 이그나이트 2024 개최...
11.20 04:11
In cybersecurity bias ...

Summary | ZeroBOX

file.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	March 15, 2023, 3:09 p.m.	March 15, 2023, 3:12 p.m.

Size	5.1MB
Type	Zip archive data, at least v2.0 to extract
MD5	`e2dbdc78e35b9e2a41fb7a966ddf02dc`
SHA256	`c983a82de63f04867c5c20fad56419d908663a0ab6684420420f20c93cbcccfd`
CRC32	`7EBD0B40`
ssdeep	`98304:TenezqtcvLbr5efZQC9gtxx1NMxyue2Ovm5SUTCRlkdGPN6b1EEis5nL0h:TenezpHmZ/9gRLiepvmkbRudGPZsFLm`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
don-die.com	A 104.21.50.222 A 172.67.167.162	172.67.167.162

IP Address	Status	Action
104.21.50.222	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Performs some HTTP requests (2 events)

request	GET http://don-die.com/hittest.php?a=NH0goI0w1hXW19v&id=110
request	GET http://don-die.com/hittest.php?a=aElEffzR1gQfbVP&id=110

File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)

Elastic	malicious (high confidence)
FireEye	Gen:Variant.Razy.668800
VIPRE	Gen:Variant.Razy.668800
Sangfor	Suspicious.Win32.Save.a
BitDefenderTheta	AI:Packer.F33D0F471E
Avast	Win32:Evo-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Razy.668800
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Sophos	Generic ML PUA (PUA)
Emsisoft	Gen:Variant.Razy.668800 (B)
SentinelOne	Static AI - Malicious Archive
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=88)
Arcabit	Trojan.Razy.DA3480
GData	Gen:Variant.Razy.668800
AhnLab-V3	Trojan/Win.Generic.R562151
Acronis	suspicious
Zoner	Probably Heur.ExeHeaderL
Rising	Trojan.Xpack!8.16E41 (TFE:1:MBgONq0t6ZN)
AVG	Win32:Evo-gen [Trj]