Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 05:09
Intel Gains on Report ...
09.21 05:09
ION Reprices Leveraged...
09.21 05:09
Microsoft bringt Windo...
09.21 05:09
Falsche Buchungen in M...
09.21 05:09
Auf diesem Twitter-Klo...
09.21 04:09
OIG audit calls for mo...
09.21 04:09
How Google Allegedly M...
09.21 04:09
Metasploit Weekly Wrap...
09.21 03:09
Fixing an Elgato HD60 ...
09.21 02:09
Google Faces EU Ultima...

Summary | ZeroBOX

logon.exe

Generic Malware Malicious Library PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 8, 2024, 11:15 a.m.	Aug. 8, 2024, 11:19 a.m.

Size	157.1KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ceccc726e628b9592af475cc27d0a7ae`
SHA256	`ccb40eb0137e156af89b0e0dbdac4192152dd19540efecdb56eeaa0384e5d55f`
CRC32	`DBAAA358`
ssdeep	`3072:WgGMUZwVAMYiEkbIuQSrYfgJ7b7mZdVpvF5QjgJ9r5O:NHt4kc0/Sj1gEi`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware

logon.exe "C:\Users\test22\AppData\Local\Temp\logon.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (5 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA Aug. 8, 2024, 11:15 a.m.	buffer: logon.exe is heart beat version console_handle: 0x00000007	1	1	0
WriteConsoleA Aug. 8, 2024, 11:15 a.m.	buffer: Please waiting for a moment ... console_handle: 0x00000007	1	1	0
WriteConsoleA Aug. 8, 2024, 11:15 a.m.	buffer: path:C:\Users\test22\AppData\Local\Temp\sinforIP console_handle: 0x00000007	1	1	0
WriteConsoleA Aug. 8, 2024, 11:15 a.m.	buffer: load sinforIP fail console_handle: 0x00000007	1	1	0
WriteConsoleA Aug. 8, 2024, 11:15 a.m.	buffer: GetMatchAcIP fail console_handle: 0x00000007	1	1	0

File has been identified by 20 AntiVirus engines on VirusTotal as malicious (20 events)

Bkav	W32.AIDetectMalware
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Agent.TXZ
APEX	Malicious
McAfee	Artemis!CECCC726E628
Avast	Win32:Malware-gen
Rising	Trojan.Agent!8.B1E (CLOUD)
Zillya	Trojan.Agent.Win32.1160276
McAfeeD	ti!CCB40EB0137E
FireEye	Generic.mg.ceccc726e628b959
Kingsoft	Win32.Troj.Undef.a
Microsoft	Trojan:Win32/Wacatac.B!ml
BitDefenderTheta	AI:Packer.1A5AF0A41F
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Malware.Heuristic.2046
Tencent	Win32.Trojan.Agent.Lcnw
MaxSecure	Trojan.Malware.1728101.susgen
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan:Win/Agent.TDP