Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.08 05:11
locker.exe
11.08 05:11
PowerView.ps1
11.08 05:11
cred64.dll
11.08 05:11
ngrok.exe
11.08 05:11
CollosalLoader.exe
11.08 05:11
SharpHound.exe
11.08 05:11
Reaper%20cfx%20Spoofer...
11.08 05:11
dxwebsetup.exe
11.08 05:11
hell9o.exe
11.08 05:11
jerniuiopu.exe

Latest News
11.11 03:11
Component Tester Teardown
11.11 03:11
JPMorgan Braces for ‘I...
11.11 02:11
Zipdump & PKZIP Re...
11.11 12:11
Strom und Heizkosten i...
11.11 12:11
Koffein-Tracking per A...
11.11 12:11
Ryzen 7 9800X3D: AMDs ...
11.11 12:11
Ethische KI: Wie Fairn...
11.10 11:11
Apple’s Future Hinges ...
11.10 09:11
Building a DIY Nipkow ...
11.10 07:11
Windows-Update für Win...

Summary | ZeroBOX

sorets.exe

UPX Malicious Library OS Processor Check PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 25, 2023, 3:58 p.m.	Sept. 25, 2023, 4:01 p.m.

Size	306.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b5a8f349a7cd1fd600ea613181769116`
SHA256	`14358217c3dd9cf67eec68a8ae1e3c03d64cfab418b6a18f6b02093dffb346dc`
CRC32	`49FBE399`
ssdeep	`3072:XscMrR0xR/agneNMJHEWduUeMDZVls39dRybMeWZXyGHh+:cck0P/agneNMZEW19K9QMeWQ`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check

sorets.exe "C:\Users\test22\AppData\Local\Temp\sorets.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

AFX_DIALOG_LAYOUT

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 25, 2023, 3:58 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a1c000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 25, 2023, 3:58 p.m.	process_identifier: 2556 region_size: 106496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0