Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.08 05:11
locker.exe
11.08 05:11
PowerView.ps1
11.08 05:11
cred64.dll
11.08 05:11
ngrok.exe
11.08 05:11
CollosalLoader.exe
11.08 05:11
SharpHound.exe
11.08 05:11
Reaper%20cfx%20Spoofer...
11.08 05:11
dxwebsetup.exe
11.08 05:11
hell9o.exe
11.08 05:11
jerniuiopu.exe

Latest News
11.11 05:11
Spam-Anrufe adé: Diese...
11.11 05:11
Bilderkontrolle in Wha...
11.11 05:11
Baguette statt Bitcoin...
11.11 05:11
Beware of the “India P...
11.11 03:11
Component Tester Teardown
11.11 03:11
JPMorgan Braces for ‘I...
11.11 02:11
Zipdump & PKZIP Re...
11.11 12:11
Strom und Heizkosten i...
11.11 12:11
Koffein-Tracking per A...
11.11 12:11
Ryzen 7 9800X3D: AMDs ...

Summary | ZeroBOX

1.exe

Generic Malware Malicious Library UPX Anti_VM PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 6, 2024, 5:49 p.m.	Aug. 6, 2024, 5:49 p.m.

Size	852.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c6eae5603e3b43a51d2d2c449db3f6be`
SHA256	`a1f94fa283270290a5365565dd6234d4eba89c394d3c8076c064f62c53cbb749`
CRC32	`28EDE6F3`
ssdeep	`12288:4uzzfSDgiGQbmkejmQJNT9MiH2wSD1ms1XJwDo3HY0nk25+Yn3anpgtQNZm1nthJ:YU7JNmiHjSnR3Ye5zapgtwZm1thGO`
PDB Path	D:\build\ob\bora-14665864\bora\build\build\setup\release\win32\setup.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\build\ob\bora-14665864\bora\build\build\setup\release\win32\setup.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

None