ScreenShot
| Created | 2021.06.25 13:33 | Machine | s1_win7_x6401 |
| Filename | moe_map.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, confidence, Attribute, HighConfidence, MalwareX, AGEN, Wacapew, score, Static AI, Suspicious PE, susgen) | ||
| md5 | e0400147067de5edf218ab94927d71a9 | ||
| sha256 | 0deaacb280bc7ce33416186f4bd52a2379152b003faae185dcc55be78193d0db | ||
| ssdeep | 6144:Z36qfxR9vZuA/b0dwBU4+3sWOUT1yVFDGaJx11pBL1GzmUpKx:ZhfxvxvHvyD1yH6aJx1FxKmUW | ||
| imphash | b355ef0f8211aabadb8102dc64e53bb6 | ||
| impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/ExXSic9WNsYbtHDn:VA/DzqYOZG1j | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to modify browser security settings |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x5b8784 LoadLibraryA
0x5b8788 GetProcAddress
0x5b878c VirtualProtect
0x5b8790 VirtualAlloc
0x5b8794 VirtualFree
0x5b8798 ExitProcess
advapi32.dll
0x5b87a0 MD5Init
gdi32.dll
0x5b87a8 SetBkColor
msvcrt.dll
0x5b87b0 _iob
ole32.dll
0x5b87b8 CoInitialize
shell32.dll
0x5b87c0 ShellExecuteA
user32.dll
0x5b87c8 SetFocus
EAT(Export Address Table) is none
KERNEL32.DLL
0x5b8784 LoadLibraryA
0x5b8788 GetProcAddress
0x5b878c VirtualProtect
0x5b8790 VirtualAlloc
0x5b8794 VirtualFree
0x5b8798 ExitProcess
advapi32.dll
0x5b87a0 MD5Init
gdi32.dll
0x5b87a8 SetBkColor
msvcrt.dll
0x5b87b0 _iob
ole32.dll
0x5b87b8 CoInitialize
shell32.dll
0x5b87c0 ShellExecuteA
user32.dll
0x5b87c8 SetFocus
EAT(Export Address Table) is none