Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

test.html

Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE32

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 30, 2025, 1:09 p.m.	April 30, 2025, 1:10 p.m.

Size	554.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`21fb1cc18a4ce034d00e1521fb6c91c4`
SHA256	`9fa12e8d0e3194918ed7715187b328879a984bacdddbcf3e0fa4e3b9739fdd2b`
CRC32	`36A7DF79`
ssdeep	`6144:/GUskdKGfkGauwVzGUskdKGfkGauwVSGUskdKGfkGauwVHGR4+l32WBBWm6dVKrC:/SoJlQSoJl7SoJlhSoJlhSoJl`
PDB Path	EaseOfAccessDialog.pdb
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Malicious_Packer_Zero - Malicious Packer Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
199.230.105.25	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

EaseOfAccessDialog.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MUI

Communicates with host for which no DNS query was performed (1 event)

host

199.230.105.25

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Bkav	W32.AIDetectMalware
Skyhigh	BehavesLike.Win32.Dropper.hh
Sangfor	Trojan.Win32.Agent.Vw02
CrowdStrike	win/malicious_confidence_60% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Avast	Win32:Lumma-E [Drp]
Rising	Trojan.Agent/JS!8.11351 (CLOUD)
McAfeeD	ti!9FA12E8D0E31
Sophos	Troj/DwnLd-ARJ
Google	Detected
Microsoft	Trojan:Win32/LummaStealer!rfn
ZoneAlarm	Troj/DwnLd-ARJ
McAfee	Artemis!21FB1CC18A4C
DeepInstinct	MALICIOUS
Ikarus	Dropper.Lumma
AVG	Win32:Lumma-E [Drp]
Paloalto	generic.ml