Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.23 12:09
카스퍼스키, 클라우드·엔드포인트·OT 보...
09.22 11:09
Lula Seeks to Lead Pus...
09.22 11:09
Emoji-Erweiterung: Ach...
09.22 11:09
Slack wird noch smarte...
09.22 11:09
지란지교데이터, 개인정보 비식별화와 AI...
09.22 11:09
Robotic Touch Using a ...
09.22 10:09
좋을, IT외주인력 보안관리의 새로운 패...
09.22 10:09
잉카인터넷, 엔드포인트 중앙 관리 보안 ...
09.22 09:09
인스피언, SAP 개인정보보호 솔루션과 ...
09.22 09:09
Apple’s New iPhone 16 ...

Summary | ZeroBOX

vbsss.jpg.exe

Generic Malware Antivirus .NET DLL PE File DLL PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 28, 2023, 11:26 a.m.	Nov. 28, 2023, 11:28 a.m.

Size	15.0KB
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`db2ee1ea937d2e49bc3f237edde48cfb`
SHA256	`c8d85f3257d9c4f8d407bbff7677285aea9264cf2f958edd077f097093041c97`
CRC32	`9BC89460`
ssdeep	`192:PyvHLKZeWY7t2KC+cdYmgMiQE8Qrrx/iuh+bzgstX2uTVVuJUoWZ0MP:CObHHURwuh+bzgRurUo`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description)

regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\vbsss.jpg.exe.dll
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 28, 2023, 11:26 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 28, 2023, 11:26 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b52000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Nov. 28, 2023, 11:26 a.m.	process_identifier: 2564 region_size: 1441792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03d70000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Nov. 28, 2023, 11:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03e90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Elastic	malicious (high confidence)
Malwarebytes	Trojan.Downloader.MSIL.Generic
CrowdStrike	win/malicious_confidence_100% (D)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.PIX
ClamAV	Win.Trojan.Bladbindi-1
Avast	MSIL:GenMalicious-CQL [Trj]
DrWeb	Trojan.DownLoaderNET.842
SentinelOne	Static AI - Malicious PE
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Malware/Win32.RL_Generic.C3754190
Fortinet	MSIL/Injector.UWS!tr
AVG	MSIL:GenMalicious-CQL [Trj]
DeepInstinct	MALICIOUS