Report - filename.exe

Created 2021.04.12 14:35 Machine s1_win7_x6402
Filename filename.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 2.6
ZERO API file : clean
VT API (file) 23 detected (AIDetect, malware1, malicious, high confidence, GenericRXAA, Unsafe, Save, Attribute, HighConfidence, Wacatac, score, ZexaF, ICW@aOcffUcG, UKED, ET#80%, RDMK, cmRtazpdK5JCOsoOlNzlRFh5NIpG, Static AI, Malicious PE, GenKryptik, FDXJ, confidence, QVM10)
md5 7b8cec428653a5a825830748cd6426a7
sha256 f60284a15a48a371bae8ac4adc43cddfdb79e6150ce03f620d0cce8aec441159
ssdeep 12288:NoEdDUokeYkljLEuTwVvSrLTQ3IAkzounyvWGNQaUTlvEhtCgD:NfqwjLEuToKxoTWGNQhZCD
imphash 6abcd353ab9736efc91a9e17dd2f8b32
impfuzzy 48:Y20UORzbIZLDG1tMcvXuyD9CKdpnNZ7p6xE:Y20VpIZHG1tMcvpD9CGpHNr

Signature (6cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (6cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check Signature Zero binaries (upload)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info IsPacked Entropy Check binaries (upload)
info IsWindowsGUI (no description) binaries (upload)
info win_files_operation Affect private profile binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x3ddc000 ExitProcess
 0x3ddc004 RemoveVectoredExceptionHandler
 0x3ddc008 FindResourceA
 0x3ddc00c WriteConsoleOutputCharacterA
 0x3ddc010 SystemTimeToTzSpecificLocalTime
 0x3ddc014 SetWaitableTimer
 0x3ddc018 HeapFree
 0x3ddc01c GetModuleHandleExW
 0x3ddc020 LockFile
 0x3ddc024 SetTapeParameters
 0x3ddc028 GetCompressedFileSizeW
 0x3ddc02c FindResourceExA
 0x3ddc030 GetLocaleInfoW
 0x3ddc034 SizeofResource
 0x3ddc038 SetSystemTimeAdjustment
 0x3ddc03c GetFileAttributesA
 0x3ddc040 GetExitCodeProcess
 0x3ddc044 GetAtomNameW
 0x3ddc048 GetTimeZoneInformation
 0x3ddc04c GetEnvironmentVariableA
 0x3ddc050 GlobalUnlock
 0x3ddc054 DisconnectNamedPipe
 0x3ddc058 VirtualUnlock
 0x3ddc05c GetConsoleAliasesW
 0x3ddc060 SetLastError
 0x3ddc064 OpenWaitableTimerW
 0x3ddc068 LocalAlloc
 0x3ddc06c SetConsoleCtrlHandler
 0x3ddc070 SetConsoleOutputCP
 0x3ddc074 AddAtomA
 0x3ddc078 GlobalFindAtomW
 0x3ddc07c GlobalUnWire
 0x3ddc080 lstrcatW
 0x3ddc084 VirtualProtect
 0x3ddc088 GetFileTime
 0x3ddc08c GetCurrentProcessId
 0x3ddc090 LocalFree
 0x3ddc094 SetFileAttributesW
 0x3ddc098 LocalFileTimeToFileTime
 0x3ddc09c SetEnvironmentVariableA
 0x3ddc0a0 CompareStringW
 0x3ddc0a4 HeapAlloc
 0x3ddc0a8 GetStartupInfoW
 0x3ddc0ac RaiseException
 0x3ddc0b0 RtlUnwind
 0x3ddc0b4 TerminateProcess
 0x3ddc0b8 GetCurrentProcess
 0x3ddc0bc UnhandledExceptionFilter
 0x3ddc0c0 SetUnhandledExceptionFilter
 0x3ddc0c4 IsDebuggerPresent
 0x3ddc0c8 GetLastError
 0x3ddc0cc DeleteCriticalSection
 0x3ddc0d0 LeaveCriticalSection
 0x3ddc0d4 FatalAppExitA
 0x3ddc0d8 EnterCriticalSection
 0x3ddc0dc VirtualFree
 0x3ddc0e0 VirtualAlloc
 0x3ddc0e4 HeapReAlloc
 0x3ddc0e8 HeapCreate
 0x3ddc0ec HeapDestroy
 0x3ddc0f0 GetModuleHandleW
 0x3ddc0f4 Sleep
 0x3ddc0f8 GetProcAddress
 0x3ddc0fc WriteFile
 0x3ddc100 GetStdHandle
 0x3ddc104 GetModuleFileNameA
 0x3ddc108 GetModuleFileNameW
 0x3ddc10c FreeEnvironmentStringsW
 0x3ddc110 GetEnvironmentStringsW
 0x3ddc114 GetCommandLineW
 0x3ddc118 SetHandleCount
 0x3ddc11c GetFileType
 0x3ddc120 GetStartupInfoA
 0x3ddc124 TlsGetValue
 0x3ddc128 TlsAlloc
 0x3ddc12c TlsSetValue
 0x3ddc130 TlsFree
 0x3ddc134 InterlockedIncrement
 0x3ddc138 GetCurrentThreadId
 0x3ddc13c InterlockedDecrement
 0x3ddc140 GetCurrentThread
 0x3ddc144 QueryPerformanceCounter
 0x3ddc148 GetTickCount
 0x3ddc14c GetSystemTimeAsFileTime
 0x3ddc150 SetFilePointer
 0x3ddc154 WideCharToMultiByte
 0x3ddc158 GetConsoleCP
 0x3ddc15c GetConsoleMode
 0x3ddc160 GetCPInfo
 0x3ddc164 GetACP
 0x3ddc168 GetOEMCP
 0x3ddc16c IsValidCodePage
 0x3ddc170 InitializeCriticalSectionAndSpinCount
 0x3ddc174 FreeLibrary
 0x3ddc178 InterlockedExchange
 0x3ddc17c LoadLibraryA
 0x3ddc180 MultiByteToWideChar
 0x3ddc184 CloseHandle
 0x3ddc188 CreateFileA
 0x3ddc18c HeapSize
 0x3ddc190 SetStdHandle
 0x3ddc194 WriteConsoleA
 0x3ddc198 GetConsoleOutputCP
 0x3ddc19c WriteConsoleW
 0x3ddc1a0 LCMapStringA
 0x3ddc1a4 LCMapStringW
 0x3ddc1a8 GetStringTypeA
 0x3ddc1ac GetStringTypeW
 0x3ddc1b0 GetTimeFormatA
 0x3ddc1b4 GetDateFormatA
 0x3ddc1b8 GetUserDefaultLCID
 0x3ddc1bc GetLocaleInfoA
 0x3ddc1c0 EnumSystemLocalesA
 0x3ddc1c4 IsValidLocale
 0x3ddc1c8 FlushFileBuffers
 0x3ddc1cc ReadFile
 0x3ddc1d0 SetEndOfFile
 0x3ddc1d4 GetProcessHeap
 0x3ddc1d8 CompareStringA
 0x3ddc1dc GetModuleHandleA
USER32.dll
 0x3ddc1e4 GetMonitorInfoA

EAT (Export Address Table) Library

0x472a10 Cruso
0x472a20 Gorgeous
0x472a00 SeeYou
