Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Summary | ZeroBOX

auto.dll

Generic Malware PE64 PE File DLL

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 13, 2023, 4:51 p.m.	April 13, 2023, 4:51 p.m.

Size	1.6MB
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`f983bbe67c157f9debd63b5d434982a0`
SHA256	`f3eb93c37e708dbe46a47182b5d5f7b4b1ce49ac667405d28996c1e029761e77`
CRC32	`5401E1BC`
ssdeep	`49152:p0xMzCdy2p487NpszY17wCRB8JFOHQyvFgu:+2zHL8pqE18o8HOw`
Yara	Generic_Malware_Zero - Generic Malware IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\auto.dll,main
2552
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\auto.dll,main
  2696
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\auto.dll,
2636

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA April 13, 2023, 4:48 p.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 13, 2023, 4:48 p.m.	process_identifier: 2696 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (11 events)

section

{u'size_of_data': u'0x00001000', u'virtual_address': u'0x00001000', u'entropy': 7.720970914279705, u'name': u'', u'virtual_size': u'0x00002000'}

entropy

7.72097091428

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0003ac00', u'virtual_address': u'0x00003000', u'entropy': 7.999174541699886, u'name': u'', u'virtual_size': u'0x0003b000'}

entropy

7.9991745417

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x0003e000', u'entropy': 7.5344715644251865, u'name': u'', u'virtual_size': u'0x00001000'}

entropy

7.53447156443

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x0003f000', u'entropy': 7.551313191574051, u'name': u'', u'virtual_size': u'0x00001000'}

entropy

7.55131319157

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00040000', u'entropy': 7.495629132079966, u'name': u'', u'virtual_size': u'0x00001000'}

entropy

7.49562913208

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00043000', u'entropy': 7.484426079276523, u'name': u'', u'virtual_size': u'0x00001000'}

entropy

7.48442607928

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00044000', u'entropy': 7.451633347023571, u'name': u'', u'virtual_size': u'0x00001000'}

entropy

7.45163334702

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00046000', u'entropy': 7.50661781291854, u'name': u'', u'virtual_size': u'0x00001000'}

entropy

7.50661781292

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0003be00', u'virtual_address': u'0x00047000', u'entropy': 7.999069396565351, u'name': u'', u'virtual_size': u'0x004ba000'}

entropy

7.99906939657

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0012c200', u'virtual_address': u'0x00501000', u'entropy': 7.981202973800225, u'name': u'', u'virtual_size': u'0x0012d000'}

entropy

7.9812029738

description

A section with a high entropy has been found

entropy

1.0

description

Overall entropy of this PE file is high

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.f983bbe67c157f9d
CrowdStrike	win/malicious_confidence_90% (W)
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Agen-7623769-0
Kaspersky	UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition	BehavesLike.Win64.Dropper.tc
Sophos	Generic ML PUA (PUA)
Webroot	W32.Malware.Gen
Antiy-AVL	GrayWare/Win32.Wacapew
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	Backdoor.Win64.C4.ir
Google	Detected
McAfee	Artemis!F983BBE67C15
Cylance	unsafe
Ikarus	Win32.Outbreak
Fortinet	W32/PossibleThreat