popup

Report - 9.83B.exe

PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.06.25 10:56 Machine s1_win7_x6402
Filename 9.83B.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, RAR self-extracting archive
AI Score
5
 Behavior Score
3.4
ZERO API file : clean
VT API (file) 24 detected (Johnnie, Artemis, malicious, BadFile, HackTool, Bulz, Pasta, ai score=86, RemoteAdmin, Zpevdo, suspected of Malware, Static AI, Suspicious SFX, PossibleThreat)
md5 358b9c802b3f1774ba1c55ef94faa427
sha256 e4a463c21c0705bc2254676b93cfb3b953341386f8f7ae7f0e9c94aa95609734
ssdeep 49152:WCjuL2rFNy8oD7lPcRjqsOLaAh9gocAc9XTFzcWrOclS8SWvtWqGj:WCjuLsNy2OLj/Lc1TFzcsll+
imphash 8b21ff8a0d0059e9d67b568f049de051
impfuzzy 3:swBJAEPwS9KTXzhAXw1MO/EX9CROXdqXlpBrpAGCMLZExJWNsJWbWzJde3Q4:dBJAEHGDvZ/EwRgs5LMWNsYbS4Q4
  Network IP location

Signature (8cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
info One or more processes crashed
info The executable uses a known packer

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
 0x41f950 LoadLibraryA
 0x41f954 GetProcAddress
 0x41f958 ExitProcess
ADVAPI32.DLL
 0x41f960 RegCloseKey
COMCTL32.DLL
 0x41f968 None
GDI32.DLL
 0x41f970 DeleteObject
OLE32.DLL
 0x41f978 OleInitialize
SHELL32.DLL
 0x41f980 SHGetMalloc
USER32.DLL
 0x41f988 SetMenu

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure