Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 03:09
Fixing an Elgato HD60 ...
09.21 02:09
Google Faces EU Ultima...
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...

Summary | ZeroBOX

jk.dll

Malicious Library OS Processor Check CAB MSOffice File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 22, 2023, 7:47 a.m.	Sept. 22, 2023, 7:49 a.m.

Size	13.7MB
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {51983740-96CD-FB57-8B4E-C4DA0C2C121D}, Create Time/Date: Fri Sep 1 23:29:12 2023, Last Saved Time/Date: Fri Sep 1 23:29:12 2023, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
MD5	`61422a35afb21b453b824c22f44501ac`
SHA256	`02fe5666613f62c6e067b33f7194b2e1f9cf523cc47e25d0f82a8a001471f829`
CRC32	`A16F568B`
ssdeep	`196608:NkUKpnSrFjkUKpnRkUKpnjkUKpnukUKpnN:jMnSrMnvMnNMnkMnN`
Yara	Malicious_Library_Zero - Malicious_Library Microsoft_Office_File_Zero - Microsoft Office File CAB_file_format - CAB archive file OS_Processor_Check_Zero - OS Processor Check

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "iYxNOhPj" C:\Users\test22\AppData\Local\Temp\jk.dll
2580

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)

Zillya

Trojan.Stealer.Win32.37991