Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.05 05:10
66f8f23776c09_Displaye...
10.05 02:10
mime-attachment 2
10.05 11:10
66fffb908255c_nnxin.exe
10.05 11:10
66fe13d56fd43_EdgeOUpd...
10.05 11:10
9dd06d870941.exe#d15
10.05 11:10
7f3c2473d1e6.exe#sp_vid
10.05 11:10
f2e7fcb20146.exe#sp_sl
10.05 11:10
956d73b7f041.exe#defau...
10.05 09:10
payload.msi
10.05 09:10
fedf8679e8d2.exe#d12

Latest News
10.05 05:10
Phoniebox: A Family-Fr...
10.05 04:10
Clone of TEST BLOG WIL...
10.05 03:10
Anzeige: So gelingt di...
10.05 03:10
KI verstehen mit Excel...
10.05 03:10
Apple Releases Critica...
10.05 02:10
Mechanical Switch Sci-...
10.05 11:10
This Bluetooth GATT Co...
10.05 09:10
Mac Malware with L0Pse...
10.05 09:10
타이거다즐러, 올리브영 온라인몰 입점… ...
10.05 09:10
Ben Horowitz Will Dona...

Summary | ZeroBOX

AnimalCrossing2.exe

Generic Malware UPX Malicious Library Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 14, 2023, 4:08 p.m.	Aug. 14, 2023, 4:12 p.m.

Size	38.0MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`629f8ea6367bc269bd13799d249d7b5c`
SHA256	`f230fd30ea0ec454711f0616de0811fdf59eeecafbfbbc345568d972891bd9ff`
CRC32	`4F134D5B`
ssdeep	`393216:4zJjLG+AqDOPrr5g3EKd7qr12pFd5glhzHwSQ9C1Bm/B7AAtvDlA2L1MoFspkEJ7:4a8aTaxXrLYV6ycrYRaZCL`
PDB Path	C:\Users\runneradmin\AppData\Local\Temp\pkg.8e00db665f46c6668261ddec\node\out\Release\node.pdb
Yara	OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\runneradmin\AppData\Local\Temp\pkg.8e00db665f46c6668261ddec\node\out\Release\node.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)

Zillya	Trojan.Disco.Win32.7725
Kaspersky	UDS:DangerousObject.Multi.Generic