Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 02:09
Google Faces EU Ultima...
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...

Summary | ZeroBOX

elevator.exe

Malicious Library UPX OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 22, 2023, 9:41 p.m.	July 22, 2023, 9:43 p.m.

Size	315.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`5f6c86ec159f2b0d99f88bc3c3c6a641`
SHA256	`4348d0d550e739807bfdd89524fbeb7f4300193f4cb9aa5a62dc219640be59a2`
CRC32	`62A95A2A`
ssdeep	`3072:9+bwPB64+8ZFjwMVuG74CHy/8c77uv6tvkNN0P3ohdeaEK8aTVcZIaKW:9+bwp64JjtVuG7Hy/7uv6tvNPVs+K`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

elevator.exe "C:\Users\test22\AppData\Local\Temp\elevator.exe"
1540

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW July 22, 2023, 9:34 p.m.	buffer: USAGE: Elevator.exe [OPTIONS] <COMMAND> ARGS: <COMMAND> Command line to run. OPTIONS: -h, --help Print help information. -n, --new-console Set CREATE_NEW_CONSOLE flag for the new process. console_handle: 0x0000000000000007	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 events)

Bkav	W32.Common.B8F4F5DE
Elastic	malicious (moderate confidence)
McAfee	Artemis!5F6C86EC159F
Malwarebytes	Malware.AI.1069905642
VirIT	Trojan.Win64.Agent.IL
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	Win64:Malware-gen
McAfee-GW-Edition	BehavesLike.Win64.Injector.fh
Antiy-AVL	Trojan/Win32.Sabsik
Gridinsoft	Ransom.Win64.Sabsik.oa!s1
Microsoft	VirTool:Win32/Elevator.A
ZoneAlarm	UDS:DangerousObject.Multi.Generic
AhnLab-V3	Trojan/Win.Generic.C5385452
Cylance	unsafe
Rising	Trojan.Sdum!8.1155F (TFE:5:wfZBXt833vN)
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
DeepInstinct	MALICIOUS