Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.20 04:01
strings_output.txt
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe

Latest News
01.20 07:01
Trump Pleases TikTok U...
01.20 06:01
Malware development tr...
01.20 06:01
Dillo Turns 25, and Re...
01.20 05:01
Instagram Teases New V...
01.20 05:01
Tracking Adversaries: ...
01.20 04:01
지원되지 않는 하드웨어에서 윈도우 11을...
01.20 03:01
Bambu Connect’s Authen...
01.20 03:01
TikTok to Restore Serv...
01.20 01:01
KI statt Kanzler? Drei...
01.20 01:01
Donald Trump und die T...

Summary | ZeroBOX

rise.exe

Malicious Library UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 18, 2023, 7:47 a.m.	Dec. 18, 2023, 8 a.m.

Size	1.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4e4e4a779e9e0e970184db551ec00e5a`
SHA256	`7151d1b29551e0e3f68d13e8aa1bf70abdf74314ed1e7cc2c52bdbf5f3cdc1c2`
CRC32	`74E8E299`
ssdeep	`49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uFnTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rise.exe "C:\Users\test22\AppData\Local\Temp\rise.exe"
1688

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
107.172.31.178	Active	Moloch
193.233.132.51	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Communicates with host for which no DNS query was performed (2 events)

host	107.172.31.178
host	193.233.132.51

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

193.233.132.51:50500