Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 3, 2024, 5:09 p.m.	April 3, 2024, 5:13 p.m.

Size	611.5KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`dbdcbacbc74b139d914747690ebe0e1c`
SHA256	`54fbd0b6c760f3f0892bd7fabeb6bbad9444a013a024e8a22813c0c0a77d6c18`
CRC32	`B3E231DD`
ssdeep	`6144:a/dfokZMIBEOm3XT5Vxm1bO+UTNwWuV7UkwEg2lC:uVo8MIBNmz5DmrUTsXg`
PDB Path	C:\Users\designernembak\Desktop\TOOLS\PrintSpoofer-master\x64\Debug\PrintSpoofer.pdb
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

PrintSpoofer.exe "C:\Users\test22\AppData\Local\Temp\PrintSpoofer.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\designernembak\Desktop\TOOLS\PrintSpoofer-master\x64\Debug\PrintSpoofer.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	.textbss
section	.msvcjmc
section	.00cfg
section	_RDATA

The executable uses a known packer (1 event)

packer

Microsoft Visual C++ V8.0 (Debug)

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.PrintSpoofer.3!c
Elastic	Windows.Exploit.FakePipe
Cynet	Malicious (score: 99)
Skyhigh	RDN/Generic Exploit
ALYac	DeepScan:Generic.PrintSpoofer.1.D498B76E
Cylance	unsafe
VIPRE	DeepScan:Generic.PrintSpoofer.1.D498B76E
Sangfor	Exploit.Win64.Printer.Vwkj
K7AntiVirus	Trojan ( 00567f851 )
BitDefender	DeepScan:Generic.PrintSpoofer.1.D498B76E
K7GW	Trojan ( 00567f851 )
Cybereason	malicious.bc74b1
Arcabit	DeepScan:Generic.PrintSpoofer.1.D498B76E
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/HackTool.Agent.X
APEX	Malicious
McAfee	RDN/Generic Exploit
Avast	Win64:ExploitX-gen [Expl]
ClamAV	Win.Tool.Printspoofer-10016376-0
Kaspersky	HEUR:Exploit.Multi.Printer.gen
Alibaba	Exploit:Win64/Printer.ab602692
NANO-Antivirus	Exploit.Win64.Multi.kickwd
MicroWorld-eScan	DeepScan:Generic.PrintSpoofer.1.D498B76E
Rising	Exploit.Printer!8.12946 (TFE:5:MLMVwqCgTxH)
Emsisoft	DeepScan:Generic.PrintSpoofer.1.D498B76E (B)
F-Secure	Trojan.TR/Agent.ltmky
Zillya	Tool.Agent.Win64.1143
TrendMicro	TROJ_GEN.R002C0XAU24
FireEye	Generic.mg.dbdcbacbc74b139d
Sophos	Mal/Generic-S
Ikarus	Trojan.Win64.Hacktool
Jiangmin	Exploit.Multi.eg
Google	Detected
Avira	TR/Agent.ltmky
MAX	malware (ai score=80)
Antiy-AVL	Trojan[Exploit]/Multi.Printer
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Exploit.Multi.Printer.gen
GData	DeepScan:Generic.PrintSpoofer.1.D498B76E
Varist	W64/Agent.HCK.gen!Eldorado
AhnLab-V3	Exploit/Win.PrintSpoofer.C5538254
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Trojan.HackTool.DDS
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0XAU24
Tencent	Malware.Win32.Gencirc.13ee9f82
MaxSecure	Trojan.Malware.118857602.susgen
Fortinet	W64/Agent.X!tr

PrintSpoofer.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All