Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...
09.22 02:09
Hacker behind Snowflak...
09.22 01:09
03 - Identifying Signs...

Summary | ZeroBOX

winwrt.exe

Malicious Library UPX Malicious Packer Anti_VM PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 11, 2024, 1:20 p.m.	July 11, 2024, 1:44 p.m.

Size	6.5MB
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`738be35e781a93b2f3486268fcbf2d6e`
SHA256	`61a6c1560ac095f3fc66beadcc5f1f430c3cb0394fa77f0d369f694eb1a2685f`
CRC32	`E7DE1A1C`
ssdeep	`49152:87JozavjZrb/T3vO90d7HjmAFd4A64nsfJrCyhvB9AolOjOThQLQ+JO22gltDkYX:sfYfglBRcE3BTiIWqMnM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

winwrt.exe "C:\Users\test22\AppData\Local\Temp\winwrt.exe"
1820

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Skyhigh	BehavesLike.Win64.HToolWinGo.vh
McAfeeD	ti!61A6C1560AC0
DeepInstinct	MALICIOUS
MaxSecure	Trojan.Malware.300983.susgen
CrowdStrike	win/malicious_confidence_60% (D)

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation July 11, 2024, 1:13 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress July 11, 2024, 1:13 p.m.	ordinal: 0 function_address: 0x000007fefe467a50 function_name: wine_get_version module: ntdll module_address: 0x00000000776c0000		-1073741511	0