Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 09:01
FBI Warned Agents It B...
01.18 09:01
JTAG & SWD Debuggi...
01.18 09:01
US Names One of the Ha...
01.18 06:01
A PDA From An ESP32
01.18 06:01
Whatsapp: Diese 4 neue...
01.18 06:01
KI-Nostalgie: Llama 2 ...
01.18 06:01
Paxton: Vertriebsleite...
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...

Summary | ZeroBOX

Aristois-Free.jar

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 18, 2025, 4:31 p.m.	Jan. 18, 2025, 4:33 p.m.

Size	6.6MB
Type	Zip archive data, at least v1.0 to extract
MD5	`4cad86ed173ff0dad198582d86bf62b6`
SHA256	`fbff2ebba99bfa194af533852062c6d60831c7cc3801d4af980c329721484a28`
CRC32	`592D2C09`
ssdeep	`196608:N0EY4XwEff0cxykwL9g1leOnAU+1blTRLXKrC05:KYDf8FkHXAU8dJXKrb5`
Yara	zip_file_format - ZIP file format

java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\test22\AppData\Local\Temp\Aristois-Free.jar
2576

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 18, 2025, 4:24 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 18, 2025, 4:24 p.m.	process_identifier: 2576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000026a0000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Skyhigh	Artemis!PUP
Google	Detected
Varist	ABTrojan.WIRB-
MaxSecure	Trojan.Malware.300983.susgen
alibabacloud	Suspicious

A potential heapspray has been detected. 758 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3033

name

heapspray

process

java.exe

total_mb

758

length

262144

protection

PAGE_READWRITE