Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.24 06:09
cpuz.exe
09.24 06:09
SSD-Z.exe
09.24 01:09
GoogleUpdate.exe
09.24 01:09
ufw.exe
09.24 01:09
lgrn.exe
09.24 01:09
lgfjd.exe
09.24 01:09
otra.exe
09.24 01:09
66f16f7e683b4_Trippers...
09.24 01:09
1.txt.ps1
09.24 11:09
66f18a5501651_ww_a.exe

Latest News
09.24 07:09
PASCON 2024, 하반기 최대 사이...
09.24 07:09
[사전규격공개] 2025년 블록체인 지원...
09.24 07:09
Web tracking report: w...
09.24 07:09
Introducing Safebrowsi...
09.24 07:09
How Machine Learning i...
09.24 07:09
Turkey Shelves Plans t...
09.24 07:09
House bill pitches int...
09.24 07:09
Cybersecurity Threats:...
09.24 07:09
Prince William to Pick...
09.24 07:09
Grammarly Adds New CFO...

Summary | ZeroBOX

4eb90e57-1994-4a10-8168-48a8fb779cc6

Gen1 Generic Malware Malicious Library UPX PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 5, 2024, 11:41 p.m.	April 5, 2024, 11:41 p.m.

Size	1.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6e6f8bc0dbceec859f9baaff0ebe2811`
SHA256	`7574d2c9903d02681c8190816aa30a76d8874f03148539eacd6af126dc4cba8e`
CRC32	`FD98DAF6`
ssdeep	`24576:U2G/nvxW3Ww0tkqV9bjWrJeQfBmAL6PLRr0UeJ:UbA30kqIJR/`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Uztuby.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.DCRat.S29707587
Skyhigh	BehavesLike.Win32.Generic.th
ALYac	Trojan.MSIL.Basic.8.Gen
Cylance	unsafe
VIPRE	Trojan.Uztuby.17
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Spyware ( 0058ebd51 )
BitDefender	Trojan.Uztuby.17
K7GW	Spyware ( 0058ebd51 )
Cybereason	malicious.0dbcee
Arcabit	Trojan.Uztuby.17 [many]
VirIT	Trojan.VBS.Agent.BEX
Symantec	Trojan.Gen.2
ESET-NOD32	multiple detections
APEX	Malicious
McAfee	Artemis!6E6F8BC0DBCE
Avast	Win32:CrypterX-gen [Trj]
ClamAV	Win.Packed.Msilmamut-9950860-0
Kaspersky	Trojan.VBS.Agent.bet
Alibaba	Backdoor:MSIL/DCRat.d96976b2
MicroWorld-eScan	Trojan.Uztuby.17
Rising	Backdoor.DcRat!8.129D9 (CLOUD)
Emsisoft	Trojan.Uztuby.17 (B)
F-Secure	Heuristic.HEUR/AGEN.1323984
DrWeb	Trojan.PWS.StealerNET.124
TrendMicro	TROJ_GEN.R002C0DD324
FireEye	Trojan.Uztuby.17
Sophos	Troj/DCRat-N
Ikarus	Trojan.VBS.Runner
Google	Detected
Avira	VBS/Runner.VPG
MAX	malware (ai score=86)
Gridinsoft	Trojan.Win32.Agent.sa
Microsoft	Backdoor:MSIL/DCRat!MTB
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
GData	Win32.Trojan.BSE.1CL7UZW
Varist	W32/S-1b09bef6!Eldorado
BitDefenderTheta	Gen:NN.ZemsilF.36802.Zq0@aa8BYAhi
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Spyware.Stealer.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DD324
SentinelOne	Static AI - Malicious SFX
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DVA!tr
AVG	Win32:CrypterX-gen [Trj]