Report - czech.sct

Malicious Packer

ScreenShot

Info
Location map


Created	2021.04.02 16:15	Machine	s1_win7_x6401
Filename	czech.sct
Type	XML document, ASCII text, with very long lines, with CRLF line terminators
AI Score	Not founds	Behavior Score	2.0
ZERO API	file : clean
VT API (file)	9 detected (Squiblydoo, iacgm, Crypted, Malicious, score, CLASSIC)
md5	2bac0d6502283b9906426e9f0df35283
sha256	099826ec7f90522461f106cc0ebd39519e9e4a70bd48c320aa2e955322ffa923
ssdeep	6144:RMgPlxu6nTZBTl8OgMRzbqoZcOo322piqtBzAtThpmzzzKdiiH:RMgPu6nlB5vRzbHlC2qikapmznKdBH
imphash
impfuzzy

Network IP location

Signature (5cnts)

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	File has been identified by 9 AntiVirus engines on VirusTotal as malicious
notice	Yara rule detected in process memory
info	Checks amount of memory in system

Rules (14cnts)

Level	Name	Description	Collection
watch	Malicious_Packer_Zero	Malicious Packer	binaries (upload)
notice	anti_vm_detect	Possibly employs anti-virtualization techniques	binaries (upload)
info	anti_dbg	Checks if being debugged	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory
info	screenshot	Take screenshot	memory
info	win_files_operation	Affect private profile	memory
info	win_registry	Affect system registries	memory
info	win_token	Affect system token	memory

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure