Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.17 02:09
setup2.exe
09.17 02:09
66e5f96b41510_GageEpa....
09.17 02:09
ueu7.exe
09.17 02:09
Ghost_0x000263826B9A9B...
09.17 02:09
66c62b70f281e_tz4j.exe
09.17 02:09
Client_protected.exe
09.17 02:09
install_lodop32.exe
09.17 02:09
hq8.exe
09.17 02:09
66df1acad4359_res_out.exe
09.17 02:09
yqy2.exe

Latest News
09.18 05:09
KKR-Backed Livspace Ne...
09.18 05:09
BlackRock, Microsoft A...
09.18 05:09
FCC opens applications...
09.18 05:09
Latest PiEEG Shield No...
09.18 05:09
Sony Joins a Crypto Pu...
09.18 04:09
Back to the office, Vo...
09.18 04:09
AT&T agrees to $13...
09.18 04:09
Russia-backed disinfo ...
09.18 04:09
Tracing Stack Usage an...
09.18 04:09
Russian threat groups ...

Summary | ZeroBOX

downloader.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 22, 2024, 11:25 a.m.	Aug. 22, 2024, 11:28 a.m.

Size	198.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`64f01094081e5214edde9d6d75fca1b5`
SHA256	`5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0`
CRC32	`306B1A47`
ssdeep	`3072:5WF1Sss2XaOvu+v7QC2mCAbtoJOBW0rArwrkut57cIrDjy6Hy7GKbY64IrHOF:5WF0+XaOvuyycWNrwrk6y70JIruF`
PDB Path	C:\BuildAgent\work\724ffc1c11fec002\downloader\Release\downloader.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

downloader.exe "C:\Users\test22\AppData\Local\Temp\downloader.exe"
2556
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\BuildAgent\work\724ffc1c11fec002\downloader\Release\downloader.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Aug. 22, 2024, 11:20 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Bkav	W32.AIDetectMalware
Skyhigh	RDN/VKontakteDJ adware
Cylance	Unsafe
ESET-NOD32	a variant of Win32/Yandex.K potentially unwanted
McAfee	RDN/VKontakteDJ adware
Zillya	Trojan.Kryptik.Win32.3650122
McAfeeD	ti!5861FCAC5DCD
Jiangmin	AdWare.VKontakteDJ.hz
Webroot	W32.Adware.Gen
Google	Detected
Varist	W32/Yandex.G.gen!Eldorado
DeepInstinct	MALICIOUS
Malwarebytes	PUP.Optional.Yandex.DDS