Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...
09.22 02:09
Hacker behind Snowflak...
09.22 01:09
03 - Identifying Signs...

Summary | ZeroBOX

mft.exe

Malicious Library UPX Malicious Packer PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 11, 2024, 1:22 p.m.	July 11, 2024, 1:46 p.m.

Size	4.5MB
Type	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`387d5dde1f4a235218315898b93df6c1`
SHA256	`ce2c82582a12dac08c75bd58252ec27e6a2bbdfa7f96391ac2364f56d4da40f7`
CRC32	`FA88116D`
ssdeep	`49152:Zxan6HUBwtqTIG31ULlDZ2QqNvp6ukKtbV7VzU9mKjo21fijZrL1R0Aa+LaQCof3:/a6nkIEULlDZuVzJ2p6X7fw9`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

mft.exe "C:\Users\test22\AppData\Local\Temp\mft.exe"
2668

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (moderate confidence)
Cylance	Unsafe
McAfeeD	ti!CE2C82582A12
Ikarus	Trojan.Crypt
Google	Detected
DeepInstinct	MALICIOUS
SentinelOne	Static AI - Suspicious PE

Appends a known multi-family ransomware file extension to files that have been encrypted (1 event)

file	C:\Users\test22\AppData\Local\Temp\.p.lock

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress July 11, 2024, 1:22 p.m.	ordinal: 0 function_address: 0x0018fe29 function_name: wine_get_version module: ntdll module_address: 0x76f10000		3221225785	0