Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 05:11
[Control systems] Siem...
11.14 05:11
OpenAI Nears Launch of...
11.14 04:11
Execs identify AI-driv...
11.14 04:11
Intel security advisor...
11.14 04:11
Trump administration s...
11.14 04:11
A Security-First Appro...
11.14 04:11
FLOSS Weekly Episode 8...
11.14 04:11
Safer with Google: New...
11.14 04:11
These Guys Hacked AirP...
11.14 04:11
Sonatype recognized as...

Summary | ZeroBOX

timeSync.exe

UPX Malicious Library OS Processor Check PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 21, 2024, 7:14 a.m.	March 21, 2024, 7:19 a.m.

Size	256.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`287c0ab11acffca7b5ce14f4d8ae3f4d`
SHA256	`8cbafb0ebfb5e7d1cdd0970e10083d987106413aa1dc36df7e9f906d213c7bc1`
CRC32	`3B9A2728`
ssdeep	`3072:H9wnPgPpDuBJhXV8y3t3HvMxoBa+xrCvfnJj2Mu5WDeph3s1dP4oriARVF8TMCkA:HqnPgPpD4XVH39/x2q8eTs/vriKVkk`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

timeSync.exe "C:\Users\test22\AppData\Local\Temp\timeSync.exe"
884

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 21, 2024, 7:15 a.m.	process_identifier: 884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0072e000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory March 21, 2024, 7:15 a.m.	process_identifier: 884 region_size: 159744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0