Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

rk.exe

Generic Malware Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 11, 2024, 10:08 a.m.	Sept. 11, 2024, 10:16 a.m.

Size	141.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`1da75b8429618aa83d899fc16e59f834`
SHA256	`b8d90a6e3d811e7bee3d8827bfb19f5cb5c03696c15f911db475b4497c386274`
CRC32	`CDBF6C85`
ssdeep	`3072:dmOLKlz7mL0Y1SNxgLBiu2T2F8fLTmxa:dmOLKV7mLmuLBi3T2cax`
PDB Path	xor_loader.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

xor_loader.pdb

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)

Cynet	Malicious (score: 99)
Sangfor	Trojan.Win32.Save.a
Elastic	malicious (moderate confidence)
F-Secure	Heuristic.HEUR/AGEN.1375022
McAfeeD	ti!B8D90A6E3D81
Avira	HEUR/AGEN.1375022