Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 06:09
Israel Shifts War Focu...
09.20 06:09
Xbox’s President on Ha...
09.20 06:09
아우토크립트, 교통올림픽 ‘ITS 월드 ...
09.20 06:09
[PASCON 2024-영상] SGA솔루...
09.20 06:09
China Cracks Down on I...
09.20 06:09
Crypto Ads Flood India...
09.20 05:09
토큰증권 플랫폼 펀블, ‘현대테라타워DM...
09.20 05:09
아르띠앙서울 갤러리, 고형지 개인전 'L...
09.20 05:09
Nach Cyberangriff: Dr....
09.20 05:09
Gebunkert – Datenspeic...

Summary | ZeroBOX

chromium.exe

Malicious Library UPX PE32 PE File DLL

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 28, 2023, 5:36 p.m.	July 28, 2023, 5:45 p.m.

Size	420.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`71bc10004d1b0408375de806d4530983`
SHA256	`e507395aaccab20998986f9faee7d557014aa7fc9adf3a856d54b52962797a4f`
CRC32	`41E89E73`
ssdeep	`6144:6Be337n8xkABZYQkh6IdqIk4FxcXJ9KCiexJEII9otc3iGFGC8:37LABZYQkh6IdW6wKCpxJm9o+yGFl8`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

chromium.exe "C:\Users\test22\AppData\Local\Temp\chromium.exe"
2052

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 28, 2023, 5:36 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 28, 2023, 5:36 p.m.	process_identifier: 2052 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory July 28, 2023, 5:36 p.m.	process_identifier: 2052 region_size: 46514176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03b70000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsrC4A4.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsrC4A4.tmp\System.dll

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Bkav	W32.AIDetectMalware
CrowdStrike	win/malicious_confidence_90% (W)
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Guloader.gen
TrendMicro	Trojan.Win32.GULOADER.YXDG2Z
McAfee-GW-Edition	Artemis
Trapmine	suspicious.low.ml.score
ZoneAlarm	HEUR:Trojan.Win32.Guloader.gen
Malwarebytes	Trojan.GuLoader.NSIS
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDG2Z
DeepInstinct	MALICIOUS