Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

lemon.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 9, 2024, 10:08 a.m.	Sept. 9, 2024, 10:10 a.m.

Size	2.5MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`06316232a5c4476deffee5872b5a9c0f`
SHA256	`8e63b1f7f8e29b9a714f796e2e8ca0cd1094086e2d0a5de21601e23e1792a906`
CRC32	`45C6C514`
ssdeep	`49152:W7edaPcjUzLZIpHoQmKFrl9zr05IdTpvBBvwj:H2mS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

lemon.exe "C:\Users\test22\AppData\Local\Temp\lemon.exe"
2588

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 9, 2024, 10:01 a.m.	stacktrace: lemon+0x232765 @ 0x13f382765 lemon+0x26ee2a @ 0x13f3bee2a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: f3 aa 0f b7 84 24 8c 47 00 00 0f b7 8c 24 cc 1b exception.symbol: lemon+0x232765 exception.instruction: stosb byte ptr [rdi], al exception.module: lemon.exe exception.exception_code: 0xc0000005 exception.offset: 2303845 exception.address: 0x13f382765 registers.r14: 0 registers.r15: 0 registers.rcx: 331314 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1243536 registers.r11: 518 registers.r8: 1063080 registers.r9: 0 registers.rdx: 3143550746639030144 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1	0	0

File has been identified by 11 AntiVirus engines on VirusTotal as malicious (11 events)

Bkav	W64.AIDetectMalware
Elastic	malicious (moderate confidence)
Cylance	Unsafe
ESET-NOD32	a variant of Win64/GenKryptik.GZUY
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
FireEye	Generic.mg.06316232a5c4476d
SentinelOne	Static AI - Suspicious PE
ZoneAlarm	UDS:DangerousObject.Multi.Generic
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)