Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

Personal.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 25, 2023, 10:18 a.m.	May 25, 2023, 10:21 a.m.

Size	442.4KB
Type	Zip archive data, at least v2.0 to extract
MD5	`05eb7152bc79936bea431a4d8c97fb7b`
SHA256	`780192de36d754945488f994f97a6ad9cecf57289234477e758d1c3d21fb8c9b`
CRC32	`86B402EC`
ssdeep	`12288:uyllLViInKdWLMNgfB3tB6llLViInKdWLMNgfB3tpU33n:eoKd9iToKd9iY33n`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
elfinindia.com	A 162.241.85.104	162.241.85.104

IP Address	Status	Action
162.241.85.104	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49169 -> 162.241.85.104:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49170 -> 162.241.85.104:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.241.85.104:443 -> 192.168.56.102:49172	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)

FireEye	Heur.BZC.YAX.Nioc.1.063B846E
CAT-QuickHeal	LNK.APT.43736
Arcabit	Heur.BZC.YAX.Nioc.1.063B846E
BitDefender	Heur.BZC.YAX.Nioc.1.063B846E
Emsisoft	Heur.BZC.YAX.Nioc.1.063B846E (B)
VIPRE	Heur.BZC.YAX.Nioc.1.063B846E
GData	Heur.BZC.YAX.Nioc.1.063B846E
MAX	malware (ai score=88)
Zoner	Probably Heur.LNKScript
Rising	Downloader.Mshta/LNK!1.BADA (CLASSIC)
Fortinet	LNK/Agent.AHY!tr.dldr