Created: 2021.04.23 18:38
Machine: s1_win7_x3201
Filename: a.dot
Type: data
AI Score: Not found
Behavior Score: 3.8
ZERO API (file): clean
VT API (file): 24 detected (ObfsObjDat, CVE-2017-1188, CVE2017, Camelot, Bloodhound, multiple detections, Malicious, score, dinbqn, RTFMALFORM, Malformed, ai score=85, Malform, Probably Heur, RTFBadHeader)
md5: fdd0b9ab0a8d70288ddef6337b62d151
sha256: d7fff20cd5ea5385a79862bf1a74b3ddfeea8d04509d4f6c1bd65ca819a9eb0c
ssdeep: 192:P9MngD0sW6JfOfwgpDle9jLDjfGtNtEq9OOj56mfwLZhl:8ghtmwgpyD6KqwpDLZhl
imphash: (none, file is not a PE)
impfuzzy: (none, file is not a PE)

Signatures (8 counts)

Level    Description
warning  File has been identified by 24 AntiVirus engines on VirusTotal as malicious
warning  Generates some ICMP traffic
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   An application raised an exception which may be indicative of an exploit crash
notice   Connects to a Dynamic DNS Domain
notice   Creates hidden or system file
notice   Performs some HTTP requests
info     One or more processes crashed

Rules (0 counts)

Level    Name    Description    Collection
(no rules matched)

Network (6 counts)

Request    CC    ASN    Co    IP4    Rule    ZERO
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 Unknown 192.168.56.103 clean
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ Unknown 192.168.56.103 clean
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f Unknown 192.168.56.103 clean
http://armyscheme.sytes.net/win/xles.exe KR AMAZON-02 3.35.236.132 1123 malware
armyscheme.sytes.net KR AMAZON-02 3.35.236.132 malware
3.35.236.132 KR AMAZON-02 3.35.236.132 malware

Suricata ids

(no Suricata alerts listed)

Similarity measure (PE file only)