ScreenShot
| Created | 2021.04.01 16:13 | Machine | s1_win7_x6402 |
| Filename | r2InpX42nh | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware1, malicious, high confidence, Drixed, Unsafe, confidence, ZedlaF, mu8@aWWhgOdO, Dridex, Eldorado, Kryptik, HKFN, Generickdz, Convagent, A + Mal, EncPk, ai score=82, Wacatac, score, ET#75%, RDMK, cmRtazqYtJD17L60V03K30Oksi1q, Static AI, Malicious PE, QVM40) | ||
| md5 | 03a068ac195e3988eb0c45c9eb084d27 | ||
| sha256 | 1044bf2b8ed09fe9a700f4593c797ab99cfc41e96db7146bfdd192d10bdb1a3f | ||
| ssdeep | 3072:Jopj6gTxmzaCEH8nFb369t9EtpiU7FZEz57GEYd4ntfrOulzQh:OpjtUzy8nF8YN73Ez57Gz4VyWzQ | ||
| imphash | 97de38df25bb86ed5773a338d673d7ae | ||
| impfuzzy | 3:DyWnKtyHXQTBy2AX+PEKKM9Cz8JEYAJ6BJO7PvXZElAWBJAEPwIAUxDKhLgaIW6H:ZKUHXQTw2q7z/UArvX6lFBJAEeJ6H | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasModified_DOS_Message | DOS Message Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x40a020 TranslateMessage
0x40a024 RegisterDeviceNotificationA
ADVAPI32.dll
0x40a000 RegLoadAppKeyW
KERNEL32.dll
0x40a008 CloseHandle
0x40a00c OutputDebugStringA
0x40a010 LoadLibraryA
0x40a014 GenerateConsoleCtrlEvent
0x40a018 IsBadStringPtrW
EAT(Export Address Table) is none
USER32.dll
0x40a020 TranslateMessage
0x40a024 RegisterDeviceNotificationA
ADVAPI32.dll
0x40a000 RegLoadAppKeyW
KERNEL32.dll
0x40a008 CloseHandle
0x40a00c OutputDebugStringA
0x40a010 LoadLibraryA
0x40a014 GenerateConsoleCtrlEvent
0x40a018 IsBadStringPtrW
EAT(Export Address Table) is none