Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

las.exe

Malicious Packer UPX OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 6, 2024, 9:20 a.m.	Aug. 6, 2024, 9:34 a.m.

Size	25.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`85bad58c9f0f03e85e7989dc7fb3eafe`
SHA256	`47f6f8b908444fb7ef48f2e84977c65dd9a15ce3333b69179b7fd038b1732a16`
CRC32	`2F45C51F`
ssdeep	`384:niRa+DA+kP4VyrbG/pG11JeEZwEfdyxSGU2TDZqCuQpHqBJdy:ckAwspaLaEfsoV2Bq0pHWJ`
PDB Path	C:\Users\user\Desktop\etwunhook-main\ConsoleApplication1\x64\Release\ConsoleApplication1.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\Users\user\Desktop\etwunhook-main\ConsoleApplication1\x64\Release\ConsoleApplication1.pdb

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Bkav	W64.AIDetectMalware
APEX	Malicious
McAfeeD	ti!47F6F8B90844
Microsoft	Trojan:Win32/Casdet!rfn
MaxSecure	Trojan.Malware.300983.susgen