Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

llaa25.exe

Malicious Packer Malicious Library PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 23, 2023, 9:42 a.m.	May 23, 2023, 9:44 a.m.

Size	210.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`b44b3fd2f45d55238c7e11df70148a9f`
SHA256	`0fbeaa3d0492f83c2351aa8f91c429f063700d1fee4aa355e439c0862f6bb41f`
CRC32	`665F2F5D`
ssdeep	`3072:OPVosEAHkKqUa9antF5hvvJkeXp2QhHkKqUa9antF5hvvJkeXpx:uHEKq99UF5hvvfjhEKq99UF5hvvf`
PDB Path	cleanmgr.pdb
Yara	Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

cleanmgr.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MUI

File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)

MicroWorld-eScan	Trojan.GenericKD.67172011
McAfee	Artemis!B44B3FD2F45D
Symantec	Trojan.Gen.2
APEX	Malicious
Kaspersky	Trojan-Downloader.Win32.Agent.xyatyd
McAfee-GW-Edition	Artemis!Trojan
Webroot	W32.Trojan.Gen
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	Trojan-Downloader.Win32.Agent.xyatyd
Rising	Downloader.Agent!8.B23 (CLOUD)
DeepInstinct	MALICIOUS