Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.22 08:09
옥타코, MFA와 이지핑거 지문 보안키 ...
09.22 08:09
Hackfest, A New Event ...
09.22 08:09
엠클라우독, 문서 관리 및 정보보안 분야...
09.22 08:09
엘세븐시큐리티, 개인정보 차단 솔루션 시...
09.22 07:09
Examining Mobile Threa...
09.22 07:09
스패로우, SW 공급망 보안 시장서 리더...
09.22 07:09
스콥정보통신, 네트워크 자원관리 및 접근...
09.22 06:09
Unicorn2 Devblog: mmap...
09.22 06:09
국제 사이버범죄조직들에 맞서 치열한 전투...
09.22 05:09
Staffelstabübergabe de...

Summary | ZeroBOX

appx.jpg.exe

Malicious Library UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 11, 2023, 4:34 p.m.	Nov. 11, 2023, 4:37 p.m.

Size	776.9KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2b4ce8a4efe44bca4f79f8ca5a9588d8`
SHA256	`e579629f0fb73632032fe80e7f156eb7826093f6f1d07695b4d40b8833c265c1`
CRC32	`2F0C0557`
ssdeep	`24576:zjFPcsRZviJwTSRzdfgSLbirY1cO3EwNTVnS/k2:KJwmpfgONTGk2`
PDB Path	identity_helper.exe.pdb
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

identity_helper.exe.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.00cfg
section	.voltbl