Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 05:09
weseethepicturewithnew...
09.22 05:09
svchost.exe
09.22 05:09
weneednicepicturewithy...
09.22 05:09
nicetomeetyoutheperson...
09.22 05:09
66ef2d38305f6_crypted....
09.22 05:09
66e8772555389_lsndfsg.exe
09.22 05:09
66eea6336b153_app16540...
09.22 05:09
weskineverythingtobepe...
09.22 05:09
ypqhgl.exe
09.22 05:09
Traxx1.exe

Latest News
09.22 05:09
세일포인트, 금융기관 맞춤형 아이덴티티 ...
09.22 05:09
Where Did the Japanese...
09.22 05:09
모니터랩, 클라우드 플랫폼 기업으로 완전...
09.22 05:09
India Seeks Amazon, Fl...
09.22 05:09
Vodafone Idea Inks $3....
09.22 04:09
라온시큐어, “국내외 디지털 인증 시장 ...
09.22 04:09
에스에스알, AI·네트워크·IoT·모바일...
09.22 04:09
SGA솔루션즈, 클라우드 네이티브 보안 ...
09.22 03:09
S2W, AI 기술과 위협 인텔리전스 역...
09.22 03:09
탈레스, 양자 시대 보안위협 대비 사이버...

Summary | ZeroBOX

FreeArc-0.51-win32.exe

UPX Malicious Library BMP Format PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 2, 2024, 10:04 p.m.	July 2, 2024, 10:06 p.m.

Size	6.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`f610dc533e6a1a631d78391705f374e9`
SHA256	`6539dcec7fc5f5a62e0b44dd6f796a7ef7a09c16ec43d100ac2e6ffc74a8faba`
CRC32	`AE0BA0E7`
ssdeep	`98304:1PC/ETlZEqMB5M/AJEZmUWGGE+qoX5EngjKqgyu2+7TkAOphJSlOse9syIZbRlry:8EoqqmoXU8E0inFTkxp6e9orkHRrilg`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

FreeArc-0.51-win32.exe "C:\Users\test22\AppData\Local\Temp\FreeArc-0.51-win32.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 2, 2024, 10:04 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

Allocates read-write-execute memory (usually to unpack itself) (6 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 2, 2024, 10:04 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc1000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory July 2, 2024, 10:04 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b71000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory July 2, 2024, 10:04 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73261000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory July 2, 2024, 10:04 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c61000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory July 2, 2024, 10:04 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c24000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory July 2, 2024, 10:04 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c62000 process_handle: 0xffffffff	1	0	0

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)

Bkav	W32.Common.80C3A334
Symantec	Trojan Horse
Zillya	Exploit.IMG.Win32.698
Jiangmin	Exploit.IMG-WMF.wm
Antiy-AVL	Trojan/Win32.SGeneric
Gridinsoft	Malware.Win32.GenericMC.cc