Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 22, 2023, 2:33 p.m.	Aug. 22, 2023, 2:33 p.m.

Size	616.5KB
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`fe1097b9754d8e3c54c7f54c68c4dabd`
SHA256	`0442c122d6e81814ff1393a1cf430a4173acdf1b9df8228fe7bd3fc32455a9cc`
CRC32	`BD198DEC`
ssdeep	`12288:nbHoJMjhwwvAQ4c3wSlnJTrmONFV7iDpSpyNlTgibIUdzhnQawN/JsjHz:nbHoJMjx4c3wcFZSSpyNlcixzNQa0/m`
Yara	Malicious_Library_Zero - Malicious_Library mzp_file_format - MZP(Delphi) file format PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer

regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,APQGYdJtrkXhXkwzKFBCTvI
2636
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,AJnzwdBqMvQICBAjnC
2552
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,AQuPFhYruxzxA
2728
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,AbBwdZitlWefdERaOavJlIen
2816
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,AbPYWiwTVDHFpfYBJn
2908
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,AfvxTJEA
3004
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,AvxJWNrnX
2076
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,BUERlq
2188
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,Bqptqdk
2548
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,BslfqQGNXqTuUepvauCkQ
2668
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,CNsPbULXjYvkd
2876
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,CXSfiCTm
812
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,CfdextKrifuW
2320
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,CfsWcZWQVlifNwBDgGRZIqif
2664
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,CgdlGBNRFRzTzmfguqz
2072
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,ClqIyzBkLjDFLJ
2312
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DCLGmuYl
2052
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DCQZVUAVgMiARD
2672
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DEaqEFNRtMCaaVnaAUQtMbKum
3048
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DIXpgfZZxsBhi
2944
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DJFaUyIipeGIfwlkpX
2760
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DVPdiFeTcDmXs
3200
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DhYIKjxmGGYY
3308
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DiwnEUvduBkM
3436
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DllRegisterServer
3616
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,DrgYCMNiVbrUGwRTpRdvxI
3744
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,EEjaFHKntpLIhbdTrDK
3876
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,EdTDhMMiYAFBShyYKs
3984
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,EkMGlO
2688
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,EnsJjCOccyCjAVZkRnVMDMVZ
3220
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,EpwzPNUZHdojuinzfIpfYQ
3404
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,EyuImeQbPHMFKzOFVqc
3576
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FJAVswpuwGKsMXPsiiQRYv
3720
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FOWbUDfELrAQAEKqJf
3912
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FQLPnQNLD
4092
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FQbFKHXX
3336
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FWSKyRQMOuWSm
3528
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FWVdsLrtEVBzLaCmZNEpx
3688
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FeGqog
4076
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FkcAXdH
3284
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,FqDNSXzugPznspUD
3492
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,GQAlasmiaEy
4000
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,GQjtxdyXvtsqdfVrQBqm
3208
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,GdiMTODVmsR
3948
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,GxxJJdRIqTBJAMnBIcxq
3796
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,HOnlfLBWkQCooC
2992
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,HWTqOVHRABB
3628
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,IOMcKFaJXihdqDAogVN
1152
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,IpoojIRy
4172
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,IvvQFcaABzyyLhduvbY
4280
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JFrkuFzJMrWvkaYOQlJ
4400
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JUBJYfmZGotuEKSafNPlGEAMy
4508
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JheZxhw
4632
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JkoaHQBWgZLoeIqdRFVkMlq
4756
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JlscSxwnKrxRmaJ
4888
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JpqPCRXJWOy
4992
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,JvcfiztFAuNa
4168
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KStKTzwWJbprlqO
4252
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KWLauUGkNHofayeYLCFSpOfuXl
4448
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KYEVLHhbRMHw
4672
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KZwwxlBTSHOg
4868
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KnTTKeu
4932
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KrldazbljxeAJoh
4216
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KvQcPVBCIwQMISVMmy
4500
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KwTVqLAsKCaCz
4864
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KyLhcvzfifBtOE
4980
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,KzpAtJXTRJRN
4104
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,LDldVNlhAieNMMtCa
4740
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,LXxoKBfNdArZYQncLEi
5096
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,LbGmmSnPyxEOeYshUChQLjrUg
4464
regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\pzOEfyaZPW1OyO690Z19HEU7.dll,LjYfYsPmJSQelB
4416

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 22, 2023, 2:33 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.rodata

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

KKSXQOO

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002be00', u'virtual_address': u'0x00086000', u'entropy': 7.834631838647657, u'name': u'.rsrc', u'virtual_size': u'0x0002be00'}

entropy

7.83463183865

description

A section with a high entropy has been found

entropy

0.285598047193

description

Overall entropy of this PE file is high

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.Emotet.L!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.65826850
CAT-QuickHeal	Trojan.EmotetP.S30112903
ALYac	Trojan.Agent.Emotet
Malwarebytes	Trojan.Crypt
VIPRE	Trojan.GenericKD.65826850
Sangfor	Spyware.Win64.Emotet.Vg5t
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanBanker:Win64/Emotet.3ef836a5
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Arcabit	Trojan.Generic.D3EC7022
VirIT	Trojan.Win64.Agent.LV
Cyren	W64/Emotet.EMZ.gen!Eldorado
Symantec	Trojan.Emotet
ESET-NOD32	Win64/Emotet.AH
Cynet	Malicious (score: 100)
Paloalto	generic.ml
Kaspersky	Trojan-Banker.Win64.Emotet.cmsv
BitDefender	Trojan.GenericKD.65826850
NANO-Antivirus	Trojan.Win64.Emotet.jvpnnr
Avast	Win64:BankerX-gen [Trj]
Tencent	Malware.Win32.Gencirc.11881950
Emsisoft	Trojan.GenericKD.65826850 (B)
F-Secure	Trojan.TR/AD.Nekark.aathz
DrWeb	Trojan.Emotet.1307
Zillya	Trojan.Emotet.Win64.704
TrendMicro	TrojanSpy.Win64.EMOTET.YXDCGZ
McAfee-GW-Edition	BehavesLike.Win64.Infected.jh
FireEye	Trojan.GenericKD.65826850
Sophos	Troj/Emotet-DCR
Webroot	W32.Trojan.Emotet
Avira	TR/AD.Nekark.aathz
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Win64.Emotet
Xcitium	Malware@#8mh93bbzg2cs
Microsoft	Trojan:Win64/Emotet.AL!MTB
ZoneAlarm	Trojan-Banker.Win64.Emotet.cmsv
GData	Trojan.GenericKD.65826850
Google	Detected
AhnLab-V3	Trojan/Win.Emotet.R561240
McAfee	Artemis!FE1097B9754D
VBA32	TrojanBanker.Emotet
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TrojanSpy.Win64.EMOTET.YXDCGZ
Rising	Trojan.EmotetPacker!8.17C98 (TFE:5:ka4BrXeH7r)
Ikarus	Trojan-Spy.Emotet
MaxSecure	Trojan.Malware.203077062.susgen

pzOEfyaZPW1OyO690Z19HEU7.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All