Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 08:11
122 million people’s b...
11.15 08:11
Angry Judge Questions ...
11.15 08:11
122 million people&amp...
11.15 07:11
FCC to soon announce l...
11.15 07:11
Michael Burry Boosts C...
11.15 07:11
Thomas Kurtz, Co-Creat...
11.15 06:11
Malware Spotlight: A ...
11.15 06:11
Disney's Streaming Suc...
11.15 06:11
Applied Materials Fore...
11.15 06:11
Bluetooth Dongle Gives...

Summary | ZeroBOX

Install Updater (win-stable)-compatibility(mac).lnk

Generic Malware GIF Format

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 11, 2023, 4:08 p.m.	Aug. 11, 2023, 4:10 p.m.

Size	1.0KB
Type	MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=45, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5	`f1c8a94d79296f81464b3ebd5c84450e`
SHA256	`bd57ea615b78f9f5232d8019274b4015aa1527ba5ce50e260a1a669baf05ece0`
CRC32	`1DDC9287`
ssdeep	`12:8MFm/3BVSXvk4RnK9hRNSyW+UcZRNSD8Ded6aVcdSrKrxl7DiN37+lbYql4HXTr:8t/ByKne+/lkIyXVqpl7arab/2XT`
Yara	Lnk_Format_Zero - LNK Format Generic_Malware_Zero - Generic Malware

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "LwqWIyQtgUYB" "C:\Users\test22\AppData\Local\Temp\Install Updater (win-stable)-compatibility(mac).lnk"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Aug. 11, 2023, 4:08 p.m.	buffer: Access is denied. console_handle: 0x0000000b	1	1	0

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceW Aug. 11, 2023, 4:08 p.m.	number_of_free_clusters: 3252701 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \\?\Volume{c2d901c4-0706-11e8-912e-806e6f6e6963}\ total_number_of_clusters: 8362495	1	1	0

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\Install Updater (win-stable)-compatibility(mac).lnk

Harvests credentials from local email clients (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Capabilities\FileAssociations