Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
12.28 10:12
BootstrapperV1.23_1.exe
12.24 03:12
AD.exe
12.19 08:12
3344.exe
12.19 08:12
evetbeta.exe
12.19 08:12
nj.exe
12.19 08:12
stail.exe
12.19 08:12
Invoice_Final.exe
12.19 08:12
svchost.exe
12.19 08:12
Discordd.exe
12.19 08:12
basx.exe

Latest News
12.28 12:12
Creating a Mechanical ...
12.28 11:12
Blue Origin Fires Up E...
12.28 11:12
Erstmals Quanten-Telep...
12.28 09:12
유클리드소프트, 한국어 특화 AI 모델 ...
12.28 09:12
비쥬얼랩, 네이버 모두 서비스 종료 대비...
12.28 09:12
더스크랙, AcO 기술 적용된 ‘터닝바이...
12.28 09:12
Playing Around with th...
12.28 09:12
IT Sicherheitsnews tae...
12.28 09:12
IT Sicherheitsnews tae...
12.28 07:12
기숙학원김미연, 2026학년도 대입선행반...

Summary | ZeroBOX

getlab.exe

Emotet Malicious Library Confuser .NET UPX MZP Format PE File PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 10, 2024, 9:31 a.m.	Oct. 10, 2024, 9:31 a.m.

Size	3.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`95ae9bdf69e84f774782ff6a33879571`
SHA256	`a171d24673022e2f47c2f562726f3f1d7fbe39ed67a3f18a3a606d7067fe3a57`
CRC32	`F71DA296`
ssdeep	`98304:xdpD26lvqOhK17GMTK4uts+OqMI8aoPedFokbpmBeE:Db/hK5bK7tsjLmcedvbpmBeE`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ConfuserEx_Zero - Confuser .NET Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS