Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

nsp.exe

Malicious Packer UPX OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 6, 2024, 9:08 a.m.	Aug. 6, 2024, 9:23 a.m.

Size	25.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`9602cbee90958711bfd9c1b8efcf04f0`
SHA256	`4d44c403c0246efbf75fd00a39e758858089415cb24c3188e039356a75fa8f53`
CRC32	`17CD48E9`
ssdeep	`384:jiRa+DA+kP4VyrbG/pG11JeEZwEfdyxSGU2TDZqmeuQpHqBJdy:gkAwspaLaEfsoV2BqmApHWJ`
PDB Path	C:\Users\user\Desktop\etwunhook-main\ConsoleApplication1\x64\Release\ConsoleApplication1.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
5.104.84.79	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\user\Desktop\etwunhook-main\ConsoleApplication1\x64\Release\ConsoleApplication1.pdb

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Bkav	W64.AIDetectMalware
APEX	Malicious
McAfeeD	ti!4D44C403C024
Microsoft	Trojan:Win32/Casdet!rfn
MaxSecure	Trojan.Malware.300983.susgen

Communicates with host for which no DNS query was performed (1 event)

host

5.104.84.79