Field | Value |
---|---|
Created | 2021.04.13 10:26 |
Machine | s1_win7_x6402 |
Filename | loligang.spc |
Type | ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped |
AI Score | Not founds |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 38 detected (Unix, Mirai, Linux, Save, Camelot, a variant of Linux, SMBEM, Malicious, score, ckta, bonb, ai score=81, ASELF, Encoded, Gen10, CLASSIC, Gafgyt, susgen) |
md5 | 1e73cf9148d10aef910af3800a6330af |
sha256 | 455e624cacd6251288643472fd0395d095f797c015cfa196317345681a26f345 |
ssdeep | 1536:vsnCSemCLLWeKNJ+1kbOSYcpC636v/bcYSZBFFi:rS1+SYccv/gp/i |
imphash | |
impfuzzy | |
Signature (9cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
info | win_files_operation | Affect private profile | memory |