Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 07:11
Former FTX Coder Wang ...
11.14 06:11
Jenkins security advis...
11.14 06:11
Nu Posts Record Return...
11.14 06:11
Cisco Gives Strong Rev...
11.14 06:11
US Accuses China of ‘B...
11.14 06:11
Landscape Motif Makes ...
11.14 05:11
Iranian threat group t...
11.14 05:11
Palo Alto Networks sec...
11.14 05:11
Agencies push for digi...
11.14 05:11
Statt Wechsel auf Wind...

Summary | ZeroBOX

Point.exe

Emotet Generic Malware Malicious Library Antivirus UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 27, 2024, 7:32 a.m.	March 27, 2024, 7:34 a.m.

Size	1.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e56975127f436aa5e8a9b9c7af5eb23`
SHA256	`7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e`
CRC32	`A977CF8C`
ssdeep	`12288:2jwHlbKaWY6oL1T0uwJ34dW/QtQF5KXGOTBwfRzPZ15HVCjkNMOuEFcd+wtZqA8s:2yHC/QtQF5kGXZPY+1BFc2AZoyLtkwx`
PDB Path	C:\vmagent_new\bin\joblist\498883\out\Release\QHFileSmasher.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Point.exe "C:\Users\test22\AppData\Local\Temp\Point.exe"
2544

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\vmagent_new\bin\joblist\498883\out\Release\QHFileSmasher.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

UIDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory March 27, 2024, 7:32 a.m.	process_identifier: 2544 region_size: 208896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)

Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Virus.Win32.Gen.ccmw
FireEye	Generic.mg.3e56975127f436aa
Sophos	Mal/Generic-S
Microsoft	Trojan:Win32/Znyonm
ZoneAlarm	UDS:DangerousObject.Multi.Generic
VBA32	BScope.Trojan.AE.toj
SentinelOne	Static AI - Suspicious PE
CrowdStrike	win/malicious_confidence_70% (D)