Report - file1.bin

PE32 PE File
ScreenShot
Created 2021.07.15 10:16 Machine s1_win7_x6402
Filename file1.bin
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
7
Behavior Score
2.8
ZERO API file : clean
VT API (file) 24 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Emotet, Eldorado, Attribute, HighConfidence, Bsymem, A + Mal, EncPk, Ransomware, score, ZexaF, vu0@aWiramab, MachineLearning, Anomalous, 100%, Generic@ML, RDML, ctX2WonfkoZB9lEXvMa90w, Static AI, Malicious PE, susgen, confidence, QVM20)
md5 7d018423023461e09eb3b64b961092dd
sha256 956e66f820c127b655c4e59af455c4cc827d43b111f4cf260b6da1d30ac443b2
ssdeep 6144:vpWMSmgY0IyFpXjsCEqhp3xuo8Pr7Jjc7wPx5C:kHP7LFVst+0oA71+KC
imphash c3803752167a683f3dbd2e2ab3d19b6d
impfuzzy 24:NisHJ2sJWSTTgmDo8gwLGtAOA9OAaCnym:NOHwLUAzIAaG
  Network IP location

Signature (7cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

POWRPROF.dll
 0x44d074 IsPwrHibernateAllowed
 0x44d078 ReadGlobalPwrPolicy
KERNEL32.dll
 0x44d018 LoadLibraryExW
 0x44d01c LocalFree
 0x44d020 GetCurrentConsoleFont
 0x44d024 AddConsoleAliasA
 0x44d028 HeapWalk
 0x44d02c HeapCreate
 0x44d030 EraseTape
 0x44d034 EnumSystemLocalesA
 0x44d038 GetModuleHandleW
 0x44d03c GetProcessAffinityMask
 0x44d040 SetFileAttributesW
 0x44d044 DeleteVolumeMountPointW
 0x44d048 LockFile
 0x44d04c GetLocaleInfoW
 0x44d050 FillConsoleOutputAttribute
 0x44d054 GetConsoleCursorInfo
 0x44d058 GlobalFindAtomA
 0x44d05c GetProcAddress
 0x44d060 LoadLibraryA
 0x44d064 GetModuleHandleA
 0x44d068 GlobalAddAtomW
 0x44d06c FindFirstFileA
WININET.dll
 0x44d09c RetrieveUrlCacheEntryStreamW
msvcrt.dll
 0x44d0ac memset
USER32.dll
 0x44d080 GetWindowRect
 0x44d084 InsertMenuA
 0x44d088 GetClipboardFormatNameA
 0x44d08c SetCursor
 0x44d090 ShowCaret
 0x44d094 IsWindow
ole32.dll
 0x44d0b4 CoFreeUnusedLibrariesEx
GDI32.dll
 0x44d000 GetDeviceCaps
 0x44d004 GetObjectW
 0x44d008 GetCharWidthW
 0x44d00c GetPaletteEntries
 0x44d010 GetBitmapBits
WINSPOOL.DRV
 0x44d0a4 FindNextPrinterChangeNotification

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure