Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.26 02:04
file.exe
04.26 02:04
unindictedEb7l.ps1
04.26 02:04
32ja.exe
04.26 02:04
upx.exe
04.26 02:04
svcstealer.exe
04.26 02:04
fcc.exe
04.26 02:04
untippedhi.exe
04.26 02:04
sd4.ps1
04.26 09:04
228516-0.xml
04.26 05:04
crt.sh _ 17871143715.html

Latest News
04.26 02:04
European Universities ...
04.26 02:04
2025년 정보보호 및 개인정보보호 관리...
04.26 02:04
RP2040 Spins Right ‘Ro...
04.26 11:04
Hash Functions with th...
04.26 10:04
Elon Musk’s XAI Holdin...
04.26 09:04
Update: rtfdump.py Ver...
04.26 09:04
Only Google Can Run Ch...
04.26 09:04
Deel Sues Rippling for...
04.26 08:04
HHS OCR Settles HIPAA ...
04.26 08:04
XOR Gate as a Frequenc...

Summary | ZeroBOX

Banderas.exe

Malicious Packer UPX Malicious Library PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 19, 2025, 11:20 a.m.	Feb. 19, 2025, 11:43 a.m.

Size	2.3MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`c0797e1ab7522e82dd0764c42dfa0c67`
SHA256	`c0c59aadd4431da20e79a174f1bc1099f24d1b8627571e5afd43a8a4c2ea92fa`
CRC32	`2C24B940`
ssdeep	`24576:px6EOwgwMtbDAZeVLvmMqo9k59yjg660sxaHjnlSjhCP5WncFu:pxJOzZtbDuekr5E9nlMCBWc`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file

Banderas.exe "C:\Users\test22\AppData\Local\Temp\Banderas.exe"
2644

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab