Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.24 06:09
cpuz.exe
09.24 06:09
SSD-Z.exe
09.24 01:09
GoogleUpdate.exe
09.24 01:09
ufw.exe
09.24 01:09
lgrn.exe
09.24 01:09
lgfjd.exe
09.24 01:09
otra.exe
09.24 01:09
66f16f7e683b4_Trippers...
09.24 01:09
1.txt.ps1
09.24 11:09
66f18a5501651_ww_a.exe

Latest News
09.24 07:09
PASCON 2024, 하반기 최대 사이...
09.24 07:09
[사전규격공개] 2025년 블록체인 지원...
09.24 07:09
Web tracking report: w...
09.24 07:09
Introducing Safebrowsi...
09.24 07:09
How Machine Learning i...
09.24 07:09
Turkey Shelves Plans t...
09.24 07:09
House bill pitches int...
09.24 07:09
Cybersecurity Threats:...
09.24 07:09
Prince William to Pick...
09.24 07:09
Grammarly Adds New CFO...

Summary | ZeroBOX

cmd.10001.exe

Malicious Packer UPX PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 1, 2024, 7:36 a.m.	April 1, 2024, 7:41 a.m.

Size	1.4MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`ce8e1592a4685f349136cb13c12e543f`
SHA256	`40516869f63341f2c9a760ac0faa823a11168fdc0067beef413cd6ed9e858f07`
CRC32	`E209BDD0`
ssdeep	`24576:yse92KNwXkWxZiwdMeHRmXKNjhdAT2JSzrSQb92Jco0a:E2K8eexmyj/nCmwo0a`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file

cmd.10001.exe "C:\Users\test22\AppData\Local\Temp\cmd.10001.exe"
516

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00018200', u'virtual_address': u'0x0017d000', u'entropy': 7.991339885948009, u'name': u'/19', u'virtual_size': u'0x0001809d'}

entropy

7.99133988595

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00004e00', u'virtual_address': u'0x00196000', u'entropy': 7.906069407068587, u'name': u'/32', u'virtual_size': u'0x00004ce4'}

entropy

7.90606940707

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00030600', u'virtual_address': u'0x0019c000', u'entropy': 7.99569977195316, u'name': u'/65', u'virtual_size': u'0x0003050f'}

entropy

7.99569977195

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00015200', u'virtual_address': u'0x001cd000', u'entropy': 7.981442449406277, u'name': u'/78', u'virtual_size': u'0x000150ad'}

entropy

7.98144244941

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00008c00', u'virtual_address': u'0x001e3000', u'entropy': 7.783783276254533, u'name': u'/90', u'virtual_size': u'0x00008a1a'}

entropy

7.78378327625

description

A section with a high entropy has been found

entropy

0.293132900581

description

Overall entropy of this PE file is high