Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

2.exe

UPX Malicious Library MZP Format PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 24, 2023, 7:41 a.m.	Oct. 24, 2023, 7:45 a.m.

Size	1.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ad122be61ff9f19db11fd4ff53178d09`
SHA256	`bb0e63a06e2e6607acc23172ca564b74f804e1b9aef7968b801c5a5b4e4422ca`
CRC32	`59529848`
ssdeep	`12288:bRgcdrhCHwfbv7rHMUtXe44Lzyneqtxn+9WXH3ML:bmqewfbv7IwOlLzyneqtxmWXH8`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format

Name	Response	Post-Analysis Lookup
tetromask.site

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PLMKO