ScreenShot
| Created | 2021.04.02 10:19 | Machine | s1_win7_x6401 |
| Filename | VersiumRR.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetect, malware2, GenericKD, Artemis, Unsafe, malicious, confidence, Attribute, HighConfidence, GenCBL, Agensla, FileRepMalware, Siggen2, Hynamer, score, ai score=89, BScope, Yakes, Undefined, CLOUD, ZexaF, @x1@aq4xteiO) | ||
| md5 | 78cdced17f8cde3357877158ca125e78 | ||
| sha256 | fb248ebe26e8117ae51330389a8a6ff4a66bc84bb9da639622e514cb0b48df9f | ||
| ssdeep | 98304:dMIN1kjSCR5OsmrNGsYiKjPtk+kQYJ7O/mDr:d7kSfsmrNfKT66k | ||
| imphash | 40a3e3e00b1cad3ab67c828af845a553 | ||
| impfuzzy | 6:nEPLMKJAmW4/JLGDgJLgJtXIKFJQQZ/OIA+m1BJAEnERGDfA7VSNLAcPh/MKm:EP+mW4ZGoQtXJxZGb9AJcDfA5kLfP9m | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasModified_DOS_Message | DOS Message Check | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x906000 GetModuleHandleA
ole32.dll
0x906008 OleInitialize
OLEAUT32.dll
0x906010 SafeArrayCreate
KERNEL32.DLL
0x906018 LocalAlloc
0x90601c LocalFree
0x906020 GetModuleFileNameW
0x906024 GetProcessAffinityMask
0x906028 SetProcessAffinityMask
0x90602c SetThreadAffinityMask
0x906030 Sleep
0x906034 ExitProcess
0x906038 FreeLibrary
0x90603c LoadLibraryA
0x906040 GetModuleHandleA
0x906044 GetProcAddress
USER32.dll
0x90604c GetProcessWindowStation
0x906050 GetUserObjectInformationW
EAT(Export Address Table) is none
KERNEL32.DLL
0x906000 GetModuleHandleA
ole32.dll
0x906008 OleInitialize
OLEAUT32.dll
0x906010 SafeArrayCreate
KERNEL32.DLL
0x906018 LocalAlloc
0x90601c LocalFree
0x906020 GetModuleFileNameW
0x906024 GetProcessAffinityMask
0x906028 SetProcessAffinityMask
0x90602c SetThreadAffinityMask
0x906030 Sleep
0x906034 ExitProcess
0x906038 FreeLibrary
0x90603c LoadLibraryA
0x906040 GetModuleHandleA
0x906044 GetProcAddress
USER32.dll
0x90604c GetProcessWindowStation
0x906050 GetUserObjectInformationW
EAT(Export Address Table) is none