Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

injector.exe

PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 17, 2024, 1:28 p.m.	Sept. 17, 2024, 2:06 p.m.

Size	9.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`c44b5e54b7b3d5494612bf666d4ea9d3`
SHA256	`b1bb075756076ada2b6afbb7da70b8aab44b7bdcdd91fbab77872286e708d8d5`
CRC32	`46D93912`
ssdeep	`96:5hCHKHfsrFbQEw5Yl3+TCqv+ktYhwYLNDKD0FnuGNDq1c/WkEPM7DhZD+MCt:5hFfsrF4O3UoB6oW0Fnvwc/HEPMXT+H`
PDB Path	c:\users\user\documents\visual studio 2010\Projects\injecttest\x64\Release\injecttest.pdb
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

injector.exe "C:\Users\test22\AppData\Local\Temp\injector.exe"
2628

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Sept. 17, 2024, 1:29 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Sept. 17, 2024, 1:29 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Sept. 17, 2024, 1:29 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Sept. 17, 2024, 1:29 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Sept. 17, 2024, 1:29 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Sept. 17, 2024, 1:29 p.m.	computer_name: TEST22-PC	1	1	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

c:\users\user\documents\visual studio 2010\Projects\injecttest\x64\Release\injecttest.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 17, 2024, 1:28 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 17, 2024, 1:28 p.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0
NtAllocateVirtualMemory Sept. 17, 2024, 1:29 p.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000041f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0
NtAllocateVirtualMemory Sept. 17, 2024, 1:29 p.m.	process_identifier: 2628 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004390000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Creates a shortcut to an executable file (3 events)

file	C:\Users\test22\Links\Desktop.lnk
file	C:\Users\test22\Links\RecentPlaces.lnk
file	C:\Users\test22\Links\Downloads.lnk

File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 events)

ALYac	Trojan.GenericKD.74127302
VIPRE	Trojan.GenericKD.74127302
BitDefender	Trojan.GenericKD.74127302
Arcabit	Trojan.Generic.D46B17C6
Avast	FileRepMalware [Misc]
MicroWorld-eScan	Trojan.GenericKD.74127302
Emsisoft	Trojan.GenericKD.74127302 (B)
McAfeeD	ti!B1BB07575607
CTX	exe.trojan.generic
FireEye	Trojan.GenericKD.74127302
Google	Detected
GData	Trojan.GenericKD.74127302
Varist	W64/ABRisk.HRBL-3041
McAfee	Artemis!C44B5E54B7B3
DeepInstinct	MALICIOUS
AVG	FileRepMalware [Misc]