Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
When Raw Network Socke...
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...

Summary | ZeroBOX

CCleaner.exe

Emotet Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 20, 2023, 6:02 p.m.	Oct. 20, 2023, 6:04 p.m.

Size	2.6MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`15a712903d393839edde2bd426c16172`
SHA256	`46615ee15d060fbd0c1874a3a0179dcb5668cdc6d59b489a15d564e358e2c698`
CRC32	`C0FFFFC3`
ssdeep	`49152:iDjA6pGHZAMdkDi4pWzUro5tKqE9JKXLSdCFy8kwLsY1RIfH2cunBoc5YLN:Sd+sYWWcuBoc5m`
PDB Path	D:\a\1\s\x64\Release\BGInfo64.pdb
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware

CCleaner.exe "C:\Users\test22\AppData\Local\Temp\CCleaner.exe"
2580

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Oct. 20, 2023, 6:02 p.m.	computer_name: TEST22-PC	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\a\1\s\x64\Release\BGInfo64.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

RTF

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 20, 2023, 6:02 p.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

A process attempted to delay the analysis task. (1 event)

description

CCleaner.exe tried to sleep 660 seconds, actually delayed analysis time by 0 seconds