Summary | ZeroBOX

ps.exe

UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started April 3, 2024, 5:09 p.m.
Completed April 3, 2024, 5:12 p.m.
Size 19.5KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 b26b57b28e61f9320cc42d97428f3806
SHA256 d76ce4776f4bffcf3b9d84cc7ed0afca5157257a459fed6ca21d68c986e2d63d
CRC32 E7FD0266
ssdeep 384:prwpQx/8pqH67ujksnWOFqgWJ+SSloQzC:prT/8gH65gWVnkC
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API WriteConsoleA
Arguments
  buffer: [-] Please specify a
  console_handle: 0x00000007
Status 1
Return 1
Repeated 0
Bkav W32.AIDetectMalware
Lionic Hacktool.Win32.PrintSpoofer.3!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh RDN/Generic PUP.z
ALYac Generic.PrintSpoofer.1.A744D1F3
Cylance unsafe
VIPRE Generic.PrintSpoofer.1.A744D1F3
Sangfor Hacktool.Win32.Printspoofer.V23a
K7AntiVirus Hacktool ( 0057cd3f1 )
BitDefender Generic.PrintSpoofer.1.A744D1F3
K7GW Hacktool ( 0057cd3f1 )
Arcabit Generic.PrintSpoofer.1.A744D1F3
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/HackTool.Agent.NHO
APEX Malicious
McAfee RDN/Generic PUP.z
Avast Win32:ExploitX-gen [Expl]
Kaspersky HEUR:HackTool.Win32.PrintSpoofer.gen
Alibaba HackTool:Win32/PrintSpoofer.1414c3f3
MicroWorld-eScan Generic.PrintSpoofer.1.A744D1F3
Rising HackTool.Agent!8.335 (TFE:5:dPySkdZtye)
Emsisoft Generic.PrintSpoofer.1.A744D1F3 (B)
F-Secure Trojan.TR/Hacktool.qjmdm
TrendMicro TROJ_GEN.R002C0PKH23
FireEye Generic.mg.b26b57b28e61f932
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan.Win32.HackTool
Jiangmin HackTool.PrintSpoofer.al
Google Detected
Avira TR/Hacktool.qjmdm
MAX malware (ai score=89)
Antiy-AVL HackTool/Win32.PrintSpoofer
Microsoft Program:Win32/Wacapew.C!ml
ZoneAlarm HEUR:HackTool.Win32.PrintSpoofer.gen
GData Generic.PrintSpoofer.1.A744D1F3
Varist W32/ABRisk.SYUT-0951
AhnLab-V3 Exploit/Win.PrintSpoofer.R358767
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002C0PKH23
Tencent Malware.Win32.Gencirc.13f3e1b5
MaxSecure Trojan.Malware.119272633.susgen
Fortinet Riskware/Agent
AVG Win32:ExploitX-gen [Expl]
CrowdStrike win/malicious_confidence_70% (D)