Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 09:11
존쿡 델리미트 외식 매장서 ‘연말맞이 다...
11.16 09:11
서울퓨처랩, 누적체험객 6만명 돌파…프로...
11.16 09:11
니지모리스튜디오 갤러리, 일본 일러스트 ...
11.16 09:11
RISC-V Pushes 400 Mill...
11.16 09:11
IT Sicherheitsnews tae...
11.16 07:11
Anduril’s Chair Consul...
11.16 07:11
Senators Call for Prob...
11.16 06:11
Microsoft Windows NTLM...
11.16 06:11
Drinking water systems...
11.16 06:11
Mögliches Destatis-Dat...

Summary | ZeroBOX

LewdEarth.exe

Generic Malware UPX Malicious Library Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 10, 2023, 7:42 a.m.	July 10, 2023, 7:45 a.m.

Size	46.9MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`0db6389f259acb930d7a6bd811c3ad8d`
SHA256	`a0af6dc55130bd6ce80bf5f383cd78d3080da1e5f98f7e2266178a064e7af602`
CRC32	`70679CCC`
ssdeep	`786432:xtakRWH1pLxgJqrYW1zC8MQdHx6IVswnbOo52FsNW:xQkQPlaMpC8MQGnl1FoW`
PDB Path	C:\Users\runneradmin\AppData\Local\Temp\pkg.4b617e9855c76174801a6ed1\node\out\Release\node.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware

LewdEarth.exe "C:\Users\test22\AppData\Local\Temp\LewdEarth.exe"
2644

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\runneradmin\AppData\Local\Temp\pkg.4b617e9855c76174801a6ed1\node\out\Release\node.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)

Symantec	ML.Attribute.HighConfidence
Avast	Win64:MiscX-gen [PUP]
AVG	Win64:MiscX-gen [PUP]