Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.19 12:01
시몬스 침대, 카카오톡 선물하기 통해 설...
01.19 12:01
Zero Trust and Entra I...
01.19 12:01
Stealth AirTag Broadca...
01.19 12:01
US TikTok Users Get No...
01.19 09:01
하이텍 그룹, 산업방송 채널i ‘히든 챔...
01.19 09:01
I3C Bit-banging Fun fo...
01.19 09:01
IT Sicherheitsnews tae...
01.19 09:01
IT Sicherheitsnews tae...
01.19 07:01
Star Blizzard: Russisc...
01.19 07:01
Ingenieur baut KI-Waff...

Summary | ZeroBOX

vbsss.jpg.exe

Generic Malware Antivirus .NET DLL PE File DLL PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 28, 2023, 11:26 a.m.	Nov. 28, 2023, 11:28 a.m.

Size	15.0KB
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`db2ee1ea937d2e49bc3f237edde48cfb`
SHA256	`c8d85f3257d9c4f8d407bbff7677285aea9264cf2f958edd077f097093041c97`
CRC32	`9BC89460`
ssdeep	`192:PyvHLKZeWY7t2KC+cdYmgMiQE8Qrrx/iuh+bzgstX2uTVVuJUoWZ0MP:CObHHURwuh+bzgRurUo`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description)

regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\vbsss.jpg.exe.dll
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 28, 2023, 11:26 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 28, 2023, 11:26 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b52000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Nov. 28, 2023, 11:26 a.m.	process_identifier: 2564 region_size: 1441792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d70000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Nov. 28, 2023, 11:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03e90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Elastic	malicious (high confidence)
Malwarebytes	Trojan.Downloader.MSIL.Generic
CrowdStrike	win/malicious_confidence_100% (D)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.PIX
ClamAV	Win.Trojan.Bladbindi-1
Avast	MSIL:GenMalicious-CQL [Trj]
DrWeb	Trojan.DownLoaderNET.842
SentinelOne	Static AI - Malicious PE
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Malware/Win32.RL_Generic.C3754190
Fortinet	MSIL/Injector.UWS!tr
AVG	MSIL:GenMalicious-CQL [Trj]
DeepInstinct	MALICIOUS