Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 10:11
Understanding and Iden...
11.13 10:11
Using Bitsight Cyberse...
11.13 10:11
Avoid the URL Phishing...
11.13 10:11
Microsoft 365: Guide T...
11.13 10:11
Accel Leads $145 Milli...
11.13 10:11
Super Micro Delays Ano...
11.13 10:11
Study Reveals Security...
11.13 10:11
Microsoft’s November 2...
11.13 10:11
Microsoft Patchday Nov...
11.13 10:11
Intel Prozessor (Xeon)...

Summary | ZeroBOX

CCleaner.exe

Emotet Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 20, 2023, 6:02 p.m.	Oct. 20, 2023, 6:04 p.m.

Size	2.6MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`15a712903d393839edde2bd426c16172`
SHA256	`46615ee15d060fbd0c1874a3a0179dcb5668cdc6d59b489a15d564e358e2c698`
CRC32	`C0FFFFC3`
ssdeep	`49152:iDjA6pGHZAMdkDi4pWzUro5tKqE9JKXLSdCFy8kwLsY1RIfH2cunBoc5YLN:Sd+sYWWcuBoc5m`
PDB Path	D:\a\1\s\x64\Release\BGInfo64.pdb
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware

CCleaner.exe "C:\Users\test22\AppData\Local\Temp\CCleaner.exe"
2580

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Oct. 20, 2023, 6:02 p.m.	computer_name: TEST22-PC	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\a\1\s\x64\Release\BGInfo64.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

RTF

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 20, 2023, 6:02 p.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

A process attempted to delay the analysis task. (1 event)

description

CCleaner.exe tried to sleep 660 seconds, actually delayed analysis time by 0 seconds