Report - shttp3.exe

PE File PE32

ScreenShot

Info
Location map


Created	2021.06.05 10:46	Machine	s1_win7_x6402
Filename	shttp3.exe
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score	11	Behavior Score	3.4
ZERO API	file : malware
VT API (file)	42 detected (AIDetectVM, malware2, malicious, high confidence, Server, Unsafe, Tool, ZMGP, Attribute, HighConfidence, SmallHTTP, AA potentially unsafe, ServerWeb, enjdq, Small HTTP, Malware@#3rv2smigq80h6, R002C0DHC20, VirRansom, Static AI, Suspicious PE, Presenoker, Occamy, score, Generic PUP, ai score=98, Generic@ML, RDMK, V45pwdSUo6HmNDGS0xuWuQ, WebSrv, xIU6S+mmHjs, susgen, confidence)
md5	1eb15f19afe77f525510b2a3f2f7aba3
sha256	b8edc36da64ff688d0ce92996a9207790063a6d3068da6516f0b83dc28501f79
ssdeep	3072:Mmjga722qlwJlpnTeDq3btOfb5zIpKe6eV5orfVzKfE+wMxIgF:Mmj9993Te+3btOflsjWrRKfEKIg
imphash	44d1d3622a1f568fe5a4988612a1b8da
impfuzzy	3:snMO/OywSx2AEZsS9KTXzhAXwWBJAEcXQRWD3n:oZ/O4ERGDYBJAEcXQwD3

Network IP location

Signature (7cnts)

Level	Description
danger	File has been identified by 42 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Creates a shortcut to an executable file
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	The executable uses a known packer

Rules (2cnts)

Level	Name	Description	Collection
info	IsPE32	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
0x401100 ExitProcess
0x401104 GetModuleHandleA
0x401108 GetProcAddress
0x40110c LoadLibraryA
USER32.DLL
0x40111c MessageBoxA

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure