popup

Report - oikz5qpn.tar

Gen2 Gen1
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.04.01 15:21 Machine s1_win7_x6401
Filename oikz5qpn.tar
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
1
 Behavior Score
1.2
ZERO API file : malware
VT API (file) 36 detected (malicious, high confidence, GenericKD, Dridex, Save, Attribute, HighConfidence, Kryptik, HKFC, Cridex, dGZlOgUe5oHeB4TeVA, ohmhn@0, kcloud, Wacapew, Wacatac, R375024, ai score=80, Unsafe, Score, PossibleThreat, GdSda, HgkASRwA)
md5 9143a373da62638070883e5069574176
sha256 7f721141b9a5d5ee1bedc9729e3b5003cb2d161305b046090495b036e590394e
ssdeep 12288:NbHAqgIuNsQBUTGlXA21Sp3vykrYIAtUfd+G+okZ:dBCNrU6/CakrYQdZ+hZ
imphash adeae1388ccab7d5ea2c08a636428844
impfuzzy 96:YnvHmVLMM5Gc+ZjjLLxZRrspr4vwSxmAw:YtjLtZRrsprEwS4Aw
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
info OS_Processor_Check_Zero OS Processor Check Signature Zero binaries (upload)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids


Similarity measure (PE file only) - Checking for service failure