ScreenShot
| Created | 2021.05.13 09:44 | Machine | s1_win7_x6401 |
| Filename | update201703280212.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectVM, malware1, Artemis, Unsafe, Fugrafa, Eldorado, Malicious, AGEN, DownLoad4, Generic PUA BD, gssa, Score, Presenoker, GenAsa, DPzVoG23Lus, susgen) | ||
| md5 | 3ccd1b5d4ea318d18cde4f03a6624679 | ||
| sha256 | 5b0a167d886fc4a3f6db12efc525f2a68df7132da2964fd4ccbe393701d9d254 | ||
| ssdeep | 12288:oY8+1sxs5qh9uycgoGnHB5l0XQyWiRmd18A40bCGi0rj8mp9ATPs:PdpDVgJHBv0geRmddx250v8GYPs | ||
| imphash | 8aef394188446c3df5eb3941b57d0414 | ||
| impfuzzy | 6:dBJAEHGDvZ/EwRgsuVM4PiKOaxaZC3EQMbtG:VA/DvZ9Rgi4K2xaZC3EQCG | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks amount of memory in system |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x4bc67c LoadLibraryA
0x4bc680 GetProcAddress
0x4bc684 ExitProcess
advapi32.dll
0x4bc68c RegCloseKey
comctl32.dll
0x4bc694 ImageList_Add
gdi32.dll
0x4bc69c SaveDC
ole32.dll
0x4bc6a4 IsEqualGUID
oleaut32.dll
0x4bc6ac VariantClear
shell32.dll
0x4bc6b4 ShellExecuteA
user32.dll
0x4bc6bc GetDC
EAT(Export Address Table) is none
KERNEL32.DLL
0x4bc67c LoadLibraryA
0x4bc680 GetProcAddress
0x4bc684 ExitProcess
advapi32.dll
0x4bc68c RegCloseKey
comctl32.dll
0x4bc694 ImageList_Add
gdi32.dll
0x4bc69c SaveDC
ole32.dll
0x4bc6a4 IsEqualGUID
oleaut32.dll
0x4bc6ac VariantClear
shell32.dll
0x4bc6b4 ShellExecuteA
user32.dll
0x4bc6bc GetDC
EAT(Export Address Table) is none