Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 09:09
random.exe
09.21 09:09
MPA.exe
09.21 09:09
vdshgdf16.exe
09.21 09:09
vsfdhgg15.exe
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...

Latest News
09.21 09:09
Rocket Lab Satellite L...
09.21 09:09
IT Sicherheitsnews tae...
09.21 08:09
Google Judge Questions...
09.21 08:09
US Leans on Shipbuildi...
09.21 08:09
Mechanical Logic Gates...
09.21 08:09
Sarah Silverman Lawyer...
09.21 07:09
September 21, 2024
09.21 06:09
GAO to unveil findings...
09.21 06:09
Snowflake Hacker Still...
09.21 06:09
SEC Blasts Musk for At...

Summary | ZeroBOX

1.exe

Generic Malware Malicious Library UPX Anti_VM PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 6, 2024, 5:49 p.m.	Aug. 6, 2024, 5:49 p.m.

Size	852.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c6eae5603e3b43a51d2d2c449db3f6be`
SHA256	`a1f94fa283270290a5365565dd6234d4eba89c394d3c8076c064f62c53cbb749`
CRC32	`28EDE6F3`
ssdeep	`12288:4uzzfSDgiGQbmkejmQJNT9MiH2wSD1ms1XJwDo3HY0nk25+Yn3anpgtQNZm1nthJ:YU7JNmiHjSnR3Ye5zapgtwZm1thGO`
PDB Path	D:\build\ob\bora-14665864\bora\build\build\setup\release\win32\setup.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\build\ob\bora-14665864\bora\build\build\setup\release\win32\setup.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

None