Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 04:09
Metasploit Weekly Wrap...
09.21 03:09
Fixing an Elgato HD60 ...
09.21 02:09
Google Faces EU Ultima...
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...

Summary | ZeroBOX

mjifi

Gen1 Malicious Library UPX PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 20, 2023, 7:58 a.m.	July 20, 2023, 7:58 a.m.

Size	93.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`551c155f4fce82bba4cc92e56f1ecb84`
SHA256	`6abe94df833ec0e6d145429bba99fdca9ad3fcbb685a432b20c04f74de9a42a5`
CRC32	`08E1EE1A`
ssdeep	`1536:297aJ0EPusaVPSHY1WmsZz/oSVNwNtK0F1NbpSVOTlyZ8H3:AM0EPuhKHxrZz8L5wV6M`
PDB Path	ALG.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

ALG.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	MUI
resource name	REGISTRY