Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 10:11
메타인입시컨설팅, 고3 대상 11월 맞춤...
11.15 10:11
위글위글, 전국 매장 ‘미리 크리스마스’...
11.15 10:11
아르콘-한경기획 MOU 체결...F&am...
11.15 10:11
Google fixes 2 Vertex ...
11.15 10:11
위지윅스튜디오, 콘텐츠·뉴미디어 사업 성...
11.15 09:11
동방사회복지회, 여성 한부모와 자녀 위한...
11.15 09:11
코위크위더스, 회원 수 3만 명 돌파 기...
11.15 09:11
㈜클린앤환경, 24시간 논스톱 클린 서비...
11.15 09:11
호스트센터, '2024 K-Awards'...
11.15 09:11
시즘 가열식 가습기, 한국소비자평가 가습...

Summary | ZeroBOX

ssh-keygen.txt

ScreenShot AntiVM AntiDebug

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 14, 2023, 2:08 a.m.	Aug. 14, 2023, 2:10 a.m.

Size	1.8MB
Type	Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|WEAK_DEFINES\|BINDS_TO_WEAK\|PIE>
MD5	`7ce66b739995fd30cec1a25636f2579a`
SHA256	`01257b63143b981bd39dda42f6567ed4788298887044b30183562d636547cde9`
CRC32	`F4C6866C`
ssdeep	`24576:6ndCAy8dpRy76xgrPu09/0Mic3YaeM6g6gFPMFmabqCtmYSvroR:6nIKy76erBSMFbogFPMFmabqXoR`
Yara	None matched

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "pTvBLHHAAttC" C:\Users\test22\AppData\Local\Temp\ssh-keygen.txt
2552
- notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\test22\AppData\Local\Temp\ssh-keygen.txt
  2660

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 14, 2023, 2:08 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 14, 2023, 2:08 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733c2000 process_handle: 0xffffffff	1	0	0

Yara rule detected in process memory (9 events)

description	Take ScreenShot				rule	ScreenShot
description	(no description)				rule	DebuggerCheck__GlobalFlags
description	(no description)				rule	DebuggerCheck__QueryInfo
description	(no description)				rule	DebuggerHiding__Thread
description	(no description)				rule	DebuggerHiding__Active
description	(no description)				rule	ThreadControl__Context
description	(no description)				rule	SEH__vectored
description	Checks if being debugged				rule	anti_dbg
description	Bypass DEP				rule	disable_dep