Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 06:04
8937.e9c8f83d94118188....
04.27 06:04
7914.753c477fc6135f24....
04.27 06:04
gtm.js.pobrane
04.27 06:04
7d0bf13e-79a638a0b87a8...
04.27 06:04
webpack-6751726d88b2d8...
04.27 06:04
6814.91bf0d11abffee40....
04.27 06:04
main-292e27553c8f5cb8....
04.27 06:04
framework-ca706bf673a1...
04.27 06:04
ee8b1517-cc4d7300db272...
04.27 06:04
75fc9c18-02b28d24f737c...

Latest News
04.27 02:04
Storm-1977 Hits Educat...
04.27 02:04
Creating An Electronic...
04.27 11:04
Another Coil Winder Pr...
04.27 10:04
IT Sicherheitsnews tae...
04.27 10:04
IT Sicherheitsnews tae...
04.27 10:04
북한 라자루스, 한국 금융·IT·통신 분...
04.27 09:04
SAP 넷위버 제로데이 취약점 사이버공격...
04.27 09:04
Updte: zipdump.py Vers...
04.27 09:04
대전자동차정비학원 현대직업전문학교, 스카...
04.27 08:04
YKK’s Self-Propelled Z...

Summary | ZeroBOX

KYNIX 24255.jar

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 10, 2025, 4:34 p.m.	Feb. 10, 2025, 4:36 p.m.

Size	270.3KB
Type	Zip archive data, at least v2.0 to extract
MD5	`c48786041bfbc49cd7a4ac809e1f89fb`
SHA256	`9b06f513705fd1f58888d74326cfb7c37daa41855e977ceb103e929398dab233`
CRC32	`4327D06D`
ssdeep	`6144:emTpRn5nfSWk9dPUQDytmwdj1AyWKnwwSK1K:3Rn5fSWk9dNidj1lVFK`
Yara	zip_file_format - ZIP file format

java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\test22\AppData\Local\Temp\KYNIX 24255.jar"
2588

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 10, 2025, 4:34 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Feb. 10, 2025, 4:34 p.m.	process_identifier: 2588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002520000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 9 AntiVirus engines on VirusTotal as malicious (9 events)

ClamAV	Java.Malware.CVE_2021_44228-9915819-0
Symantec	Java.Strrat
ESET-NOD32	multiple detections
Kaspersky	HEUR:Trojan.Java.Generic
Alibaba	TrojanSpy:JAVA/Agent_AGen.93ba1c7b
Sophos	Java/RAT-IO
Google	Detected
Varist	Kryptik.M.gen!Eldorado
Fortinet	Java/Agent.AF!tr.spy

A potential heapspray has been detected. 763 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3055

name

heapspray

process

java.exe

total_mb

763

length

262144

protection

PAGE_READWRITE