Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 09:11
T-Mobile’s Network Bre...
11.16 09:11
Spotted at Supercon: G...
11.16 09:11
IT Sicherheitsnews tae...
11.16 09:11
Bitfinex Hacker Gets 5...
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행
11.16 06:11
WiFi Status Indicator ...
11.16 06:11
PAN-OS Firewall Vulner...
11.16 06:11
Dahua und Delo vereine...
11.16 05:11
NSO 그룹, 소송 중에도 ‘페가수스’로...

Summary | ZeroBOX

Info.exe

PhysicalDrive PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 26, 2023, 5:24 p.m.	June 26, 2023, 5:26 p.m.

Size	38.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`9873d7a24b69e63fee428d9fe75b9a32`
SHA256	`cfc0211f77f88db3550e7c5816a6b61ce5efe626deb9c344bcaffce695c82e38`
CRC32	`FF48A2EE`
ssdeep	`768:HyTSTZYHw/zmdFAVwVeV6Zln00EqWoCWXgs7a4E5R6XFKnID4CS:HGSBuQwF2zyFDS`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature PhysicalDrive_20181001 - (no description)

Info.exe "C:\Users\test22\AppData\Local\Temp\Info.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.00cfg

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 26, 2023, 5:17 p.m.	stacktrace: RtlFreeHeap+0x4e RtlAllocateHeap-0x152 ntdll+0x5324e @ 0x76d8324e LocalFree+0x32 LocalAlloc-0x2e kernelbase+0x1582 @ 0x7fefd4f1582 info+0x68db @ 0x13fc968db info+0x6648 @ 0x13fc96648 info+0x6b4b @ 0x13fc96b4b info+0x12e8 @ 0x13fc912e8 info+0x1156 @ 0x13fc91156 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 80 7b 0f 05 0f 84 03 aa 01 00 f6 43 0f 3f 0f 84 exception.symbol: RtlFreeHeap+0x4e RtlAllocateHeap-0x152 ntdll+0x5324e exception.instruction: cmp byte ptr [rbx + 0xf], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 340558 exception.address: 0x76d8324e registers.r14: 0 registers.r15: 0 registers.rcx: 2621440 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571616 registers.r11: 514 registers.r8: 7452827920794774416 registers.r9: 1569792 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1570984 registers.r13: 0	1	0	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 26, 2023, 5:17 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000013fc91000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)

Cynet	Malicious (score: 100)
Sophos	ATK/Revenant-E
Google	Detected
DeepInstinct	MALICIOUS