Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.04 10:07
eveningfiledatinglover...
07.04 10:07
file_qzz145uz.kxq.txt.ps1
07.04 10:07
file_20dp34d4.orr.txt.ps1
07.04 10:07
file_3e3wgwby.144.txt.ps1
07.04 10:07
new-image_j.jpg.exe
07.04 10:07
moon.txt.exe
07.04 10:07
okeydookietrational.tx...
07.04 10:07
streamer.exe
07.04 10:07
file_2n4kbwex.dbr.txt.ps1
07.04 09:07
file_5jjhn5s1.zo4.txt.ps1

Latest News
07.04 10:07
해외에서 금융정보 훔친 악성 앱, 한국에...
07.04 10:07
파수, 삼기의 글로벌 자동차 시장 공략 ...
07.04 10:07
진주시, 신규 공무원 ‘정보보안 및 행정...
07.04 10:07
광주시, 노인성질환 임상실증 인공지능플랫...
07.04 10:07
표준연-지·산·학·연 27개 기관, 양자...
07.04 10:07
NHN, ESG 주요 성과 및 중장기 실...
07.04 10:07
LG헬로비전-인천교육청, 인천상상플랫폼 ...
07.04 10:07
LG전자, AI홈 시대 선도 위해 스마트...
07.04 10:07
디지털 분야 첨단 연구 선도할 석박사급 ...
07.04 10:07
에코프로, 자사 사칭 불법 사이트 발견....

Summary | ZeroBOX

tsjtmfdm.pkg.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 1, 2024, 3:30 p.m.	July 1, 2024, 3:32 p.m.

Size	409.6KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`98cc12248c1dfc68103dd9fc4d959f68`
SHA256	`36884a8d6801a8eacb23ef7200376eec98882e421365f76cbd342e72124949d1`
CRC32	`ABDB647C`
ssdeep	`6144:q/iQb+ckQsH8TDRGKJkSvGUlYG2EY8l3WBAqt4TCfpXr1ke15w3UL2AaRD4GS+:5Qnk3GDYKGcblBY8lmv4mRXBvHQoyvS+`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

tsjtmfdm.pkg.exe "C:\Users\test22\AppData\Local\Temp\tsjtmfdm.pkg.exe"
2580

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 1, 2024, 3:30 p.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732c2000 process_handle: 0xffffffff	1	0	0

File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Riskware
Skyhigh	BehavesLike.Win32.Trojan.gc
Cylance	Unsafe
K7AntiVirus	Riskware ( 00584baa1 )
K7GW	Riskware ( 00584baa1 )
Symantec	Trojan.Gen.MBT
APEX	Malicious
McAfee	Artemis!98CC12248C1D
McAfeeD	ti!36884A8D6801
FireEye	Generic.mg.98cc12248c1dfc68
Sophos	Generic Reputation PUA (PUA)
Ikarus	PUA.Agent
Webroot	W32.Trojan.Gen
Gridinsoft	Trojan.Win32.Agent.cl
Microsoft	HackTool:Win32/Patcher
GData	Win32.Trojan.Agent.D43C8P
AhnLab-V3	Malware/Win.Trojanspy.R430895
DeepInstinct	MALICIOUS
Malwarebytes	AdRepack.Adware.Packer.DDS
Panda	Trj/Genetic.gen
MaxSecure	Trojan.Malware.238004177.susgen
CrowdStrike	win/malicious_confidence_70% (W)