Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 28, 2025, 2:55 p.m.	Feb. 28, 2025, 2:57 p.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`52990c84b515f04e9d31694dfe132ecd`
SHA256	`c306aeee1e06316c0ba0e5838aed198665f6489bee271e57badc836361c572ce`
CRC32	`8A0C048C`
ssdeep	`49152:Sc4D6KL2lv3cCzjx4YXlGYwZy6q7C7DEincdWWic7LF1+AQSTiLx4:Sc4+KGv35d4Y1Vay6q7+5ncWWic7LF1A`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

VServer.exe "C:\Users\test22\AppData\Local\Temp\VServer.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 28, 2025, 2:55 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	AFX_DIALOG_LAYOUT
resource name	PNG

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Feb. 28, 2025, 2:55 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1	0	0

Foreign language identified in PE resource (50 out of 51 events)

name

AFX_DIALOG_LAYOUT

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x001ea7f8

size

0x00000002

name

AFX_DIALOG_LAYOUT

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x001ea7f8

size

0x00000002

name

AFX_DIALOG_LAYOUT

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x001ea7f8

size

0x00000002

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

PNG

language

LANG_KOREAN

filetype

PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_KOREAN

offset

0x001ea0b8

size

0x00000111

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_ICON

language

LANG_KOREAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_KOREAN

offset

0x001e5908

size

0x00000468

name

RT_MENU

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x001e69d8

size

0x00000130

name

RT_GROUP_ICON

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x001e5d70

size

0x00000092

name

RT_GROUP_ICON

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x001e5d70

size

0x00000092

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)

APEX

Malicious

VServer.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All