Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.04.01 09:34	Machine	s1_win7_x6401
Filename	bYZtFqTM
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score	10	Behavior Score	0.2
ZERO API	file : clean
VT API (file)
md5	5a16eedc14b68099c21169a2c91f89d3
sha256	75e5d40d941b6c1ed5cfd7a929aeaa30fa80e7d2d94ddd9cac85cfef25957bca
ssdeep	768:nw8nr3SvetlELLA2QsEkPiQUVbKncqe0A9KgWRNUnMRrlnGGZB:wkrcetl802rEkUVbKnle0A9SuMRJGGT
imphash	eeb95284c509c0cd676bb6384e0e301f
impfuzzy	3:sgBJO7PvXZElAWBJAEPwaIW6CVxabAJIAUxDKhLJTBy2AX+PEeHAXKtmem9Cz8Jj:XArvX6lFBJAEl6FmtTw2qzXKAeZQ

Network IP location

Signature (1cnts)

Level	Description
info	The executable uses a known packer

Rules (8cnts)

Level	Name	Description	Collection
info	IsDLL	(no description)	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature Zero	binaries (upload)
info	HasDebugData	DebugData Check	binaries (upload)
info	HasModified_DOS_Message	DOS Message Check	binaries (upload)
info	HasRichSignature	Rich Signature Check	binaries (upload)
info	IsBeyondImageSize	Data Beyond ImageSize Check	binaries (upload)
info	IsWindowsGUI	(no description)	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
0x40a008 CloseHandle
0x40a00c OutputDebugStringA
0x40a010 LoadLibraryA
0x40a014 IsBadStringPtrW
0x40a018 GenerateConsoleCtrlEvent
USER32.dll
0x40a020 RegisterDeviceNotificationA
0x40a024 TranslateMessage
ADVAPI32.dll
0x40a000 RegLoadAppKeyW

EAT(Export Address Table) is none

Report - bYZtFqTM

Signature (1cnts)

Rules (8cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure