Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

msedge.exe

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 18, 2024, 10:16 a.m.	Aug. 18, 2024, 10:16 a.m.

Size	3.6MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`30e74327b4f7bc2e556ac0a6d8e02dd2`
SHA256	`a63d7069ce90cd5d1341fa24585edbdcf7f559621159d6a4b84c402d1af9c19f`
CRC32	`7B2DDF7C`
ssdeep	`49152:f55DVDLwizDjSHLLn/G040/IBDsxVfZmsdTZCFbTah46V2av2y/Bu:dfcL5/IDpVG4so`
PDB Path	D:\a\_work\e\src\out\Release_x64\initialexe\msedge.exe.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\a\_work\e\src\out\Release_x64\initialexe\msedge.exe.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	.gxfg
section	.retplne
section	CPADinfo
section	LZMADEC
section	_RDATA
section	malloc_h

The file contains an unknown PE resource name possibly indicative of a packer (4 events)

resource name	EDPENLIGHTENEDAPPINFOID
resource name	EDPPERMISSIVEAPPINFOID
resource name	GOOGLEUPDATEAPPLICATIONCOMMANDS
resource name	LIMITEDACCESSFEATURE