Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

iexplore.exe

Category	Machine	Started	Completed
FILE	s1_win7_x6402	March 30, 2021, 4:06 p.m.	March 30, 2021, 4:07 p.m.

Size	798.6KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`c50eeb216ab9f7e9b375270426c4dfd6`
SHA256	`826d59b40d332b10c06c4acb34e41c60e5213e3a5049d14a250868d2075cfc65`
CRC32	`77304DF6`
ssdeep	`24576:V4lGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMMVMMb:7MMHMMMvMMZMMMlmMMMiMMMYJMMHMMMg`
PDB Path	iexplore.pdb
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Zero Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet win_mutex - Create or check mutex IsPE64 - (no description) IsWindowsGUI - (no description) HasOverlay - Overlay Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

iexplore.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (4 events)

resource name	EDPENLIGHTENEDAPPINFOID
resource name	EDPPERMISSIVEAPPINFOID
resource name	MUI
resource name	WEVT_TEMPLATE