Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...

Summary | ZeroBOX

PsExec.exe

Generic Malware Malicious Library UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 9, 2024, 9:53 a.m.	July 9, 2024, 9:57 a.m.

Size	699.4KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`24a648a48741b1ac809e47b9543c6f12`
SHA256	`078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b`
CRC32	`681E23A2`
ssdeep	`12288:LOO6oMlKDdwPDMlkw6Pph0lhSMXle+eO1HK+meynh5yRX3oRG72:LD9McwPDCkw6Bh0lhSMXlemqth5yRX3E`
PDB Path	D:\a\1\s\psexec\exe\Win32\Release\psexec.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

PsExec.exe "C:\Users\test22\AppData\Local\Temp\PsExec.exe"
2544

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 9, 2024, 9:53 a.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA July 9, 2024, 9:53 a.m.	buffer: PsExec v2.43 - Execute processes remotely Copyright (C) 2001-2023 Mark Russinovich Sysinternals - www.sysinternals.com console_handle: 0x0000000b	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\a\1\s\psexec\exe\Win32\Release\psexec.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 9, 2024, 9:53 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

BINRES

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 9, 2024, 9:53 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735d2000 process_handle: 0xffffffff	1	0	0

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)

Sangfor	HackTool.Win64.PsExec.uwccg
Sophos	PsExec (PUA)