Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

file.exe

UPX Malicious Library OS Processor Check PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 13, 2024, 9:09 a.m.	Sept. 13, 2024, 9:13 a.m.

Size	56.0KB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`81ab6efc7f70bfccf8669c4be6b8098c`
SHA256	`42a27dcdd65f2e3b7ed85e996a70eb0df422692914715fce6a1919514b85ddb6`
CRC32	`8B5D242B`
ssdeep	`768:KXQi5vZ0UfJRDhiB9lOn0QQrybZolteW7yjoTm:WQU+OJhn8gStenju`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

file.exe "C:\Users\test22\AppData\Local\Temp\file.exe"
884

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 13, 2024, 9:08 a.m.			0	0

The executable uses a known packer (1 event)

packer

Armadillo v1.71

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Elastic	malicious (moderate confidence)
Cylance	Unsafe
Avast	Win32:WrongInf-A [Susp]
Zillya	Tool.RMS.Win32.165
McAfeeD	ti!42A27DCDD65F
FireEye	Generic.mg.81ab6efc7f70bfcc
Webroot	W32.Malware.Gen
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	Win32.Troj.Unknown.a
DeepInstinct	MALICIOUS
AVG	Win32:WrongInf-A [Susp]
CrowdStrike	win/malicious_confidence_60% (D)