ScreenShot
| Created | 2021.06.24 09:43 | Machine | s1_win7_x6401 |
| Filename | ipk.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (AIDetect, malware1, malicious, high confidence, Johnnie, Mpdd, Zbot, FBFT, Unsafe, Save, confidence, 100%, NewHeur, VBTrojan, Maximus, Attribute, HighConfidence, a variant of NewHeur, iwoqax, ALCI@53390z, R06CC0PFI21, Swisyn, Static AI, Malicious PE, Score, ai score=100, Ebgl, +ZlTKsvbZmQ, susgen, CoinMiner, AAPK) | ||
| md5 | f17b3c3000d658c9b90ac9cace3b1ebf | ||
| sha256 | 4b4a677a8035537233757f522aee7e234789189a5ee193d251efad22fdd3598c | ||
| ssdeep | 1536:Wi0NGfQpi7M5Dxhsnma97n2tRRMcG8acC9REHr7dQo283QcA0I:WXKma972tRRMcG80wak3QV1 | ||
| imphash | e62bfa4a1a0419c1b5ae48ae8b773001 | ||
| impfuzzy | 48:nmzl/wzxQQZwgmU6wegkRxNxR939wxwoFrjic1SxgZ3xlTNtm9FNjcWFzpcglhH8:nmzl/GxQQZfmU6ZgkRxNxR9NAdFrjicB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MSVBVM60.DLL
0x401000 __vbaStrI2
0x401004 _CIcos
0x401008 _adj_fptan
0x40100c __vbaStrI4
0x401010 __vbaVarMove
0x401014 __vbaFreeVar
0x401018 __vbaAryMove
0x40101c __vbaStrVarMove
0x401020 __vbaLenBstr
0x401024 __vbaFreeVarList
0x401028 __vbaEnd
0x40102c __vbaPut3
0x401030 _adj_fdiv_m64
0x401034 __vbaFreeObjList
0x401038 _adj_fprem1
0x40103c __vbaStrCat
0x401040 __vbaSetSystemError
0x401044 __vbaHresultCheckObj
0x401048 _adj_fdiv_m32
0x40104c __vbaAryVar
0x401050 None
0x401054 None
0x401058 __vbaAryDestruct
0x40105c __vbaOnError
0x401060 _adj_fdiv_m16i
0x401064 __vbaObjSetAddref
0x401068 _adj_fdivr_m16i
0x40106c __vbaBoolVar
0x401070 __vbaBoolVarNull
0x401074 _CIsin
0x401078 __vbaErase
0x40107c __vbaChkstk
0x401080 __vbaFileClose
0x401084 EVENT_SINK_AddRef
0x401088 __vbaGenerateBoundsError
0x40108c None
0x401090 __vbaGet3
0x401094 __vbaStrCmp
0x401098 __vbaAryConstruct2
0x40109c __vbaI2I4
0x4010a0 __vbaObjVar
0x4010a4 __vbaVarLikeVar
0x4010a8 DllFunctionCall
0x4010ac _adj_fpatan
0x4010b0 EVENT_SINK_Release
0x4010b4 _CIsqrt
0x4010b8 EVENT_SINK_QueryInterface
0x4010bc __vbaExceptHandler
0x4010c0 None
0x4010c4 __vbaStrToUnicode
0x4010c8 _adj_fprem
0x4010cc _adj_fdivr_m64
0x4010d0 None
0x4010d4 __vbaI2Str
0x4010d8 None
0x4010dc __vbaFPException
0x4010e0 None
0x4010e4 __vbaUbound
0x4010e8 __vbaStrVarVal
0x4010ec __vbaVarCat
0x4010f0 None
0x4010f4 None
0x4010f8 _CIlog
0x4010fc __vbaErrorOverflow
0x401100 __vbaFileOpen
0x401104 __vbaR8Str
0x401108 __vbaVar2Vec
0x40110c __vbaNew2
0x401110 _adj_fdiv_m32i
0x401114 _adj_fdivr_m32i
0x401118 __vbaStrCopy
0x40111c __vbaI4Str
0x401120 __vbaFreeStrList
0x401124 __vbaVarNot
0x401128 None
0x40112c _adj_fdivr_m32
0x401130 _adj_fdiv_r
0x401134 None
0x401138 __vbaVarSetVar
0x40113c __vbaI4Var
0x401140 __vbaAryLock
0x401144 __vbaLateMemCall
0x401148 __vbaVarDup
0x40114c __vbaStrToAnsi
0x401150 __vbaVarCopy
0x401154 __vbaLateMemCallLd
0x401158 _CIatan
0x40115c __vbaStrMove
0x401160 __vbaAryCopy
0x401164 _allmul
0x401168 _CItan
0x40116c __vbaAryUnlock
0x401170 _CIexp
0x401174 __vbaFreeStr
0x401178 __vbaFreeObj
EAT(Export Address Table) is none
MSVBVM60.DLL
0x401000 __vbaStrI2
0x401004 _CIcos
0x401008 _adj_fptan
0x40100c __vbaStrI4
0x401010 __vbaVarMove
0x401014 __vbaFreeVar
0x401018 __vbaAryMove
0x40101c __vbaStrVarMove
0x401020 __vbaLenBstr
0x401024 __vbaFreeVarList
0x401028 __vbaEnd
0x40102c __vbaPut3
0x401030 _adj_fdiv_m64
0x401034 __vbaFreeObjList
0x401038 _adj_fprem1
0x40103c __vbaStrCat
0x401040 __vbaSetSystemError
0x401044 __vbaHresultCheckObj
0x401048 _adj_fdiv_m32
0x40104c __vbaAryVar
0x401050 None
0x401054 None
0x401058 __vbaAryDestruct
0x40105c __vbaOnError
0x401060 _adj_fdiv_m16i
0x401064 __vbaObjSetAddref
0x401068 _adj_fdivr_m16i
0x40106c __vbaBoolVar
0x401070 __vbaBoolVarNull
0x401074 _CIsin
0x401078 __vbaErase
0x40107c __vbaChkstk
0x401080 __vbaFileClose
0x401084 EVENT_SINK_AddRef
0x401088 __vbaGenerateBoundsError
0x40108c None
0x401090 __vbaGet3
0x401094 __vbaStrCmp
0x401098 __vbaAryConstruct2
0x40109c __vbaI2I4
0x4010a0 __vbaObjVar
0x4010a4 __vbaVarLikeVar
0x4010a8 DllFunctionCall
0x4010ac _adj_fpatan
0x4010b0 EVENT_SINK_Release
0x4010b4 _CIsqrt
0x4010b8 EVENT_SINK_QueryInterface
0x4010bc __vbaExceptHandler
0x4010c0 None
0x4010c4 __vbaStrToUnicode
0x4010c8 _adj_fprem
0x4010cc _adj_fdivr_m64
0x4010d0 None
0x4010d4 __vbaI2Str
0x4010d8 None
0x4010dc __vbaFPException
0x4010e0 None
0x4010e4 __vbaUbound
0x4010e8 __vbaStrVarVal
0x4010ec __vbaVarCat
0x4010f0 None
0x4010f4 None
0x4010f8 _CIlog
0x4010fc __vbaErrorOverflow
0x401100 __vbaFileOpen
0x401104 __vbaR8Str
0x401108 __vbaVar2Vec
0x40110c __vbaNew2
0x401110 _adj_fdiv_m32i
0x401114 _adj_fdivr_m32i
0x401118 __vbaStrCopy
0x40111c __vbaI4Str
0x401120 __vbaFreeStrList
0x401124 __vbaVarNot
0x401128 None
0x40112c _adj_fdivr_m32
0x401130 _adj_fdiv_r
0x401134 None
0x401138 __vbaVarSetVar
0x40113c __vbaI4Var
0x401140 __vbaAryLock
0x401144 __vbaLateMemCall
0x401148 __vbaVarDup
0x40114c __vbaStrToAnsi
0x401150 __vbaVarCopy
0x401154 __vbaLateMemCallLd
0x401158 _CIatan
0x40115c __vbaStrMove
0x401160 __vbaAryCopy
0x401164 _allmul
0x401168 _CItan
0x40116c __vbaAryUnlock
0x401170 _CIexp
0x401174 __vbaFreeStr
0x401178 __vbaFreeObj
EAT(Export Address Table) is none