Report - shttp3.exe

PE File PE32

ScreenShot

Info
Location map


Created	2021.06.16 09:15	Machine	s1_win7_x6402
Filename	shttp3.exe
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score	11	Behavior Score	3.4
ZERO API	file : malware
VT API (file)	40 detected (AIDetectVM, malware2, Serverweb, Smallhttp, malicious, Server, enjdq, Malware@#xmfpa0qotwwr, PrivacyRisk, high, score, Small HTTP, Suspicious PE, GrayWare, Occamy, high confidence, SK0OJQ, Generic PUP, AA potentially unsafe, Generic@ML, RDMK, gxJj3CLIbpszGPvpZpIfzQ, WebSrv, susgen, confidence)
md5	50aaf6913329c08eb8be0560cb5a2434
sha256	a863a77b7a0b09530e3bf38fe9714496fe692106f7fe3ec774991d0ad5ddca19
ssdeep	3072:umlS4kfzNcgUOexdmDzttz1KBiJ+3QcafQ8dOAGfmE7JXwMeVoe:um04m1c45UAJ+jcVTEVAMVe
imphash	44d1d3622a1f568fe5a4988612a1b8da
impfuzzy	3:snMO/OywSx2AEZsS9KTXzhAXwWBJAEcXQRWD3n:oZ/O4ERGDYBJAEcXQwD3

Network IP location

Signature (7cnts)

Level	Description
danger	File has been identified by 40 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Creates a shortcut to an executable file
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	The executable uses a known packer

Rules (2cnts)

Level	Name	Description	Collection
info	IsPE32	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
0x401100 ExitProcess
0x401104 GetModuleHandleA
0x401108 GetProcAddress
0x40110c LoadLibraryA
USER32.DLL
0x40111c MessageBoxA

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure