Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.22 08:09
옥타코, MFA와 이지핑거 지문 보안키 ...
09.22 08:09
Hackfest, A New Event ...
09.22 08:09
엠클라우독, 문서 관리 및 정보보안 분야...
09.22 08:09
엘세븐시큐리티, 개인정보 차단 솔루션 시...
09.22 07:09
Examining Mobile Threa...
09.22 07:09
스패로우, SW 공급망 보안 시장서 리더...
09.22 07:09
스콥정보통신, 네트워크 자원관리 및 접근...
09.22 06:09
Unicorn2 Devblog: mmap...
09.22 06:09
국제 사이버범죄조직들에 맞서 치열한 전투...
09.22 05:09
Staffelstabübergabe de...

Summary | ZeroBOX

wsclient.1.25.win.03.exe

Malicious Library UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 15, 2023, 7:44 a.m.	Nov. 15, 2023, 7:52 a.m.

Size	324.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b27323c59498426807574a20824ac525`
SHA256	`df5397b08e1b72fbf42290033aa11934e895488c93b76e608542fbb49d2e0f98`
CRC32	`09A72202`
ssdeep	`6144:tE4bq2jLXveqB+HcDYjOHBhpbiQ4UdnZYrOCa0PEIfuQrk:tEwq2PXvy0YOjpbiQ3nZSPEIfe`
PDB Path	C:\Dropbox\work\_starvpn\new_wsclient\build\win\Release\wsclient.pdb
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

wsclient.1.25.win.03.exe "C:\Users\test22\AppData\Local\Temp\wsclient.1.25.win.03.exe"
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Dropbox\work\_starvpn\new_wsclient\build\win\Release\wsclient.pdb

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Nov. 15, 2023, 7:44 a.m.	stacktrace: wsclient+0x28323 @ 0xd8323 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8a 18 3a 1a 75 1a 84 db 74 12 8a 58 01 3a 5a 01 exception.symbol: wsclient+0x3560 exception.instruction: mov bl, byte ptr [eax] exception.module: wsclient.1.25.win.03.exe exception.exception_code: 0xc0000005 exception.offset: 13664 exception.address: 0xb3560 registers.esp: 4520636 registers.edi: 0 registers.eax: 0 registers.ebp: 4521180 registers.edx: 1036784 registers.ebx: 2130567168 registers.esi: 1 registers.ecx: 0	1	0	0