Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.07 03:01
albt.exe
01.07 03:01
setup.exe
01.07 03:01
sela.exe
01.07 11:01
win.exe
01.06 06:01
win.exe
01.06 06:01
ytjgjdrthjdw.exe
01.06 06:01
XClient.exe
01.06 06:01
l3v0.exe
01.05 12:01
image-1.jpeg
01.05 12:01
image.png

Latest News
01.03 09:01
EC2 Grouper Attack
01.03 09:01
김주상, 독일 유학 준비생을 위한 '독일...
01.03 09:01
GenAI cybersecurity RO...
01.03 09:01
Apple to settle claims...
01.03 09:01
아로셀, 5주년 맞아 전 제품 최대 52...
01.03 09:01
패션 브랜딩 컴퍼니 그래비티 서울, 신진...
01.03 09:01
재팬세일, 일본직구로 스노우 스포츠 기획...
01.03 09:01
용인이강기숙학원, 2026학년도 재수생 ...
01.03 09:01
식판세척업체 클린앤키즈, 아동복지기관 신...
01.03 09:01
NS홈쇼핑, 디지털 콘텐츠 버추얼 프로덕...

Summary | ZeroBOX

qidong.exe

Malicious Library PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 3, 2025, 5:54 p.m.	Jan. 3, 2025, 5:57 p.m.

Size	44.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`fd3b02595e57959bdffe927dfa01b651`
SHA256	`d11790375573ac728cbd860735a7cfa37e9ed624c9f758b1153c1ec36054682c`
CRC32	`99BCD12E`
ssdeep	`384:N5tmVYRTF5Uy06VkFowCTgwuBv9Fr/L8EwpESycPNAX/LuazV0ocRUos7Xh3awZT:9mVYRT370TV9BNw/jNAvLU9UosbJawq`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

qidong.exe "C:\Users\test22\AppData\Local\Temp\qidong.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Armadillo v1.71

File has been identified by 8 AntiVirus engines on VirusTotal as malicious (8 events)

CrowdStrike	win/malicious_confidence_90% (W)
Kaspersky	HEUR:Trojan.Win32.BypassUAC.gen
Rising	Trojan.BypassUAC!8.EC23 (LESS:bWQ1OgaF+Szp4L23)
Trapmine	suspicious.low.ml.score
Kingsoft	Win32.Trojan.BypassUAC.gen
AhnLab-V3	Malware/Win.Generic.C5713640
DeepInstinct	MALICIOUS
MaxSecure	Trojan.Malware.300983.susgen