Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
그라스메디 ‘자유펫’, 2025 JKC ...
11.13 09:11
November Patch Tuesday...
11.13 09:11
WAV2VGM Plays Audio Vi...
11.13 09:11
로코모션뷰, 무료 AI 뉴스레터와 함께 ...

Summary | ZeroBOX

rainbow_loop.exe

PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 9, 2023, 4:57 p.m.	Aug. 9, 2023, 5:01 p.m.

Size	2.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d6dc6b4155cfc36fe8ea78aa82949533`
SHA256	`f08804639b16a4f20eee9a183f8591727143da8262410acbbec5b38beb3f2d8d`
CRC32	`E936326B`
ssdeep	`12:e/1GSGMO9lmXnlcHSxbZffiZYcjQvpGnik6g8kXiYr:e/1GSNcl9yxVHiOGupG1r`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)

rainbow_loop.exe "C:\Users\test22\AppData\Local\Temp\rainbow_loop.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A process attempted to delay the analysis task. (1 event)

description

rainbow_loop.exe tried to sleep 124 seconds, actually delayed analysis time by 102 seconds

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 events)

Bkav	W32.AIDetectMalware
McAfee	Artemis!D6DC6B4155CF
Sangfor	Trojan.Win32.Agent.Vxqv
CrowdStrike	win/malicious_confidence_70% (W)
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
F-Secure	Trojan.TR/Crypt.XPACK.Gen
McAfee-GW-Edition	BehavesLike.Win32.Infected.xz
Trapmine	suspicious.low.ml.score
Avira	TR/Crypt.XPACK.Gen
Microsoft	Program:Win32/Wacapew.C!ml
BitDefenderTheta	Gen:NN.ZexaF.36348.amW@aKa4ckg
Rising	Trojan.Generic@AI.100 (RDML:9kpc4JU3cFxTTZmVbc9MSw)
Fortinet	W32/PossibleThreat
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.421abf
DeepInstinct	MALICIOUS