Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.23 02:09
Brass Propeller Gets I...
09.23 01:09
트리니티소프트, 애플리케이션 보안 분야에...
09.23 01:09
텔레그램 사용자 정책 위반 사칭 피싱 사...
09.23 01:09
SKYBOX 통합보안위험관리 솔루션, 다...
09.23 12:09
카스퍼스키, 클라우드·엔드포인트·OT 보...
09.22 11:09
Lula Seeks to Lead Pus...
09.22 11:09
Emoji-Erweiterung: Ach...
09.22 11:09
Slack wird noch smarte...
09.22 11:09
지란지교데이터, 개인정보 비식별화와 AI...
09.22 11:09
Robotic Touch Using a ...

Summary | ZeroBOX

appst.exe

Generic Malware UPX Malicious Library PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 16, 2024, 9:59 a.m.	June 16, 2024, 10:02 a.m.

Size	3.1MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`f05da219bf720502ed4a9d17c7bbcb65`
SHA256	`e1107ea656eb0de7ac6c8fa2f0eba4e93085c01492a6f62015ce0425a893a2dc`
CRC32	`001F5DB3`
ssdeep	`49152:SKFr5jBni9WzxmAIknn/kIvJOJNBT1A1gJky1l:rr5VnnzxmhkP+x`
Yara	Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware

appst.exe "C:\Users\test22\AppData\Local\Temp\appst.exe"
2640

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 16, 2024, 9:59 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 16, 2024, 9:59 a.m.	process_identifier: 2640 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Kaspersky	UDS:HackTool.Win64.KMSAuto.a
Webroot	W32.Malware.Gen
ZoneAlarm	UDS:HackTool.Win64.KMSAuto.a
Panda	Trj/RnkBend.A
Paloalto	generic.ml