ScreenShot
| Created | 2021.06.24 23:20 | Machine | s1_win7_x6402 |
| Filename | Nulti.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (GenericKD, malicious, confidence, ai score=85, score) | ||
| md5 | 9985f01fc09605c9cd959a7564606f2c | ||
| sha256 | f587e0f32012fccf9a735edc91cb29d4853a7355d6fa3a1af94f2219884be447 | ||
| ssdeep | 24576:LrGmyRFY+Sg5w4SlFeFSkefIS/WC8uw5p1fncv:WHFsgO4SGFSkeZeC8uj | ||
| imphash | 48e414e431433a62713440d22abb8343 | ||
| impfuzzy | 6:nERGDmJcLPMeTc5suVMlEtHo468QLWvGmeGtRgKLbBnaZr4BSo:EcDmaL0eTQilWLSLORgCor4BSo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32
0x14031612c GetModuleHandleA
0x140316134 GetProcAddress
WSOCK32.dll
0x140316144 gethostbyname
WINMM.dll
0x140316154 mixerOpen
VERSION.dll
0x140316164 VerQueryValueW
COMCTL32.dll
0x140316174 ImageList_Create
PSAPI.DLL
0x140316184 GetModuleBaseNameW
WININET.dll
0x140316194 InternetOpenW
USER32.dll
0x1403161a4 GetDC
GDI32.dll
0x1403161b4 BitBlt
COMDLG32.dll
0x1403161c4 GetSaveFileNameW
ADVAPI32.dll
0x1403161d4 RegCloseKey
SHELL32.dll
0x1403161e4 DragFinish
ole32.dll
0x1403161f4 CoGetObject
OLEAUT32.dll
0x140316204 SafeArrayGetLBound
EAT(Export Address Table) is none
KERNEL32
0x14031612c GetModuleHandleA
0x140316134 GetProcAddress
WSOCK32.dll
0x140316144 gethostbyname
WINMM.dll
0x140316154 mixerOpen
VERSION.dll
0x140316164 VerQueryValueW
COMCTL32.dll
0x140316174 ImageList_Create
PSAPI.DLL
0x140316184 GetModuleBaseNameW
WININET.dll
0x140316194 InternetOpenW
USER32.dll
0x1403161a4 GetDC
GDI32.dll
0x1403161b4 BitBlt
COMDLG32.dll
0x1403161c4 GetSaveFileNameW
ADVAPI32.dll
0x1403161d4 RegCloseKey
SHELL32.dll
0x1403161e4 DragFinish
ole32.dll
0x1403161f4 CoGetObject
OLEAUT32.dll
0x140316204 SafeArrayGetLBound
EAT(Export Address Table) is none