Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.21 08:09
Steel Reinforcement To...
09.21 07:09
Iranian Hackers Tried ...
09.21 06:09
Prime Day is approachi...
09.21 06:09
heise-Angebot: NEU im ...
09.21 06:09
Datenschutzvorfall bei...
09.21 05:09
Ausfallzeiten gegen nu...
09.21 05:09
There’s No Lower Spec ...
09.21 05:09
[PASCON 2024-영상] 박재민 엔...
09.21 04:09
[PASCON 2024-영상] SK쉴더스...
09.21 04:09
[PASCON 2024-영상] 윤영 익스...

Summary | ZeroBOX

C.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 26, 2024, 6:58 p.m.	July 26, 2024, 7 p.m.

Size	95.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`9474b528235299dbbd8e6d7520df48e3`
SHA256	`653643156a1d40a4be173edea122b0b20a68ce42f6c4e32d4425fe2c765467da`
CRC32	`C6E7E9BE`
ssdeep	`1536:zhzgDctWGkDWzOhIKtP7Zv41JQqa39ImLXL+BP1cyY2VsWjcdHg0LFkpvb0Sg:RXpkazOOKtTZQ7QCML+BPvY2aHg0LFky`
PDB Path	D:\Users\Carsten\Chimichurri\Release\Chimichurri.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

C.exe "C:\Users\test22\AppData\Local\Temp\C.exe"
1932

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA July 26, 2024, 6:58 p.m.	buffer: /Chimichurri/-->This exploit gives you a Local System shell <BR> console_handle: 0x00000007	1	1	0
WriteConsoleA July 26, 2024, 6:58 p.m.	buffer: /Chimichurri/-->Usage: Chimichurri.exe ipaddress port <BR> console_handle: 0x00000007	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\Users\Carsten\Chimichurri\Release\Chimichurri.pdb

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

BitDefenderTheta	Gen:NN.ZexaF.36810.fuW@aWLp!7oi
Ikarus	Win32.Outbreak
huorong	HackTool/IIS.a
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	HackTool:Win/IIS.AZ