Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

dasf.exe

Malicious Library UPX OS Processor Check PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 1, 2023, 8 a.m.	Aug. 1, 2023, 8:02 a.m.

Size	1001.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`89ef9f770753ea98cde8dd221b71f510`
SHA256	`67aa172caed83272300ae72ef7caf0f892170c2bfa347c991b19f7ad3dd3912d`
CRC32	`A0782FBC`
ssdeep	`24576:2osUGTCe/6HobDxOtTSHEMWTzktQPzMWTX8LsQKAoFUWDNnD1ETq/umX:GZR/6Ho/xOtjwOIQAQ1ET1mX`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

dasf.exe "C:\Users\test22\AppData\Local\Temp\dasf.exe"
2432

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
194.169.175.124	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Communicates with host for which no DNS query was performed (1 event)

host

194.169.175.124

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

194.169.175.124:50500