Report - file11.bin

PE32 PE File
Created 2021.07.15 10:25 Machine s1_win7_x6402
Filename file11.bin
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
6
Behavior Score
2.6
ZERO API file : clean
VT API (file) 22 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, ku0@aC8ydPc, Convagent, FileRepMalware, A + Mal, EncPk, score, MachineLearning, Anomalous, Generic@ML, RDML, UpP+AL3X9hrYYQoGiPde+Q, Static AI, Malicious PE, QVM20)
md5 222d9a3950c1dd4e9d659e51e46ca608
sha256 f00e60f5f094abfe9448d10cb84194e73c0e0f2cb52f00d474d6420cb001c579
ssdeep 3072:QWiJzQu5JD9ko9WY1wzxWrPA0Nt7L5cWlvsRwmhnxONgkDY:QLquAkPA07X5WncNgk
imphash e9cbee8358b331a128409a4d26e3e347
impfuzzy 24:YrVPU9V4Wl6vDNyvg8JyA6LCVdW9gPlgjNjVGQtnAW1e/lF4lb8:YJw4vFCVdWgs5GunAWE/lF4lb8

Signature (6cnts)

Level Description
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x100150f0 feof
 0x100150f4 ungetwc
ADVAPI32.dll
 0x10015000 LookupPrivilegeValueA
 0x10015004 LogonUserA
 0x10015008 GetServiceDisplayNameW
pdh.dll
 0x10015104 PdhEnumObjectsW
KERNEL32.dll
 0x10015034 GetLargestConsoleWindowSize
 0x10015038 WritePrivateProfileStructW
 0x1001503c CloseHandle
 0x10015040 GetCurrentThread
 0x10015044 LocalSize
 0x10015048 FindFirstVolumeW
 0x1001504c GetCommTimeouts
 0x10015050 IsValidLanguageGroup
 0x10015054 lstrcatA
 0x10015058 GetTempFileNameA
 0x1001505c IsDebuggerPresent
 0x10015060 GetModuleHandleA
 0x10015064 GetProcAddress
 0x10015068 OutputDebugStringA
 0x1001506c CreateProcessA
 0x10015070 LoadLibraryA
 0x10015074 GetTimeFormatW
MPRAPI.dll
 0x1001507c MprInfoBlockRemove
GDI32.dll
 0x10015018 Rectangle
 0x1001501c GetDeviceGammaRamp
 0x10015020 GetRgnBox
 0x10015024 GetTextExtentPointA
SHLWAPI.dll
 0x100150a0 StrCSpnIW
WINSPOOL.DRV
 0x100150e0 FindClosePrinterChangeNotification
mscms.dll
 0x100150e8 GetColorProfileElement
WININET.dll
 0x100150d0 InternetCrackUrlA
ole32.dll
 0x100150fc HPALETTE_UserFree
SETUPAPI.dll
 0x10015090 SetupDiGetClassDevsExW
 0x10015094 SetupDiGetDeviceInterfaceDetailA
 0x10015098 SetupDiInstallClassExA
WINMM.dll
 0x100150d8 mixerSetControlDetails
OLEAUT32.dll
 0x10015084 VarI4FromDate
 0x10015088 SysStringByteLen
ESENT.dll
 0x10015010 JetSeek
IPHLPAPI.DLL
 0x1001502c FlushIpNetTable
USER32.dll
 0x100150a8 DefDlgProcW
 0x100150ac GrayStringW
 0x100150b0 MsgWaitForMultipleObjects
 0x100150b4 GetMenuState
 0x100150b8 GetScrollRange
 0x100150bc GetRawInputDeviceInfoW
 0x100150c0 GetShellWindow
 0x100150c4 GetClassInfoExW
 0x100150c8 GetMenu
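The import list above is the input for two checks a triage analyst normally runs by hand: recomputing the imphash to confirm it matches the value reported in the header, and flagging the API families that line up with the sandbox signatures (IsDebuggerPresent for the anti-analysis behaviour, LoadLibraryA/GetProcAddress for runtime resolution of anything not visible in the static IAT). The script below is an added example, not part of the report or its sandbox; it transcribes a subset of the IAT listing as constructed input (so its md5 will not equal the reported hash; feed it the full listing in report order to compare) and assumes the listing order equals the import directory order, which is what the pefile-style imphash depends on. Function names and the SUSPICIOUS table are the author's own choices.

```python
import hashlib
import re

# Reported value from the report header, used for the comparison helper.
REPORTED_IMPHASH = "e9cbee8358b331a128409a4d26e3e347"

# Constructed input: a subset of the report's IAT section, same layout
# (library name flush left, "address function" entries indented).
IAT_DUMP = """\
msvcrt.dll
 0x100150f0 feof
 0x100150f4 ungetwc
ADVAPI32.dll
 0x10015000 LookupPrivilegeValueA
 0x10015004 LogonUserA
 0x10015008 GetServiceDisplayNameW
KERNEL32.dll
 0x1001505c IsDebuggerPresent
 0x10015060 GetModuleHandleA
 0x10015064 GetProcAddress
 0x10015068 OutputDebugStringA
 0x1001506c CreateProcessA
 0x10015070 LoadLibraryA
WININET.dll
 0x100150d0 InternetCrackUrlA
"""

ENTRY_RE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)\s*$")

# API groups to highlight; an assumed triage table, not from the report.
SUSPICIOUS = {
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress", "GetModuleHandleA"},
    "anti-debugging": {"IsDebuggerPresent", "OutputDebugStringA"},
    "process creation": {"CreateProcessA"},
    "credential/privilege use": {"LogonUserA", "LookupPrivilegeValueA"},
}


def parse_iat(dump):
    """Return [(dll, function), ...] in listing order."""
    imports = []
    current = None
    for line in dump.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m:
            if current is None:
                raise ValueError("import entry before any library name")
            imports.append((current, m.group(1)))
        else:
            current = line.strip()  # a library name line
    return imports


def normalize(dll, func):
    """pefile-style imphash token: lowercase, strip only .dll/.ocx/.sys.
    Other extensions (e.g. WINSPOOL.DRV) are kept, as pefile does."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    return f"{name}.{func.lower()}"


def imphash_string(imports):
    return ",".join(normalize(d, f) for d, f in imports)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def matches_reported(imports, reported=REPORTED_IMPHASH):
    """True only if the recomputed hash equals the report's value. A mismatch
    usually means a truncated or reordered listing, not a modified file."""
    return imphash(imports) == reported.lower()


def triage(imports):
    """Map each SUSPICIOUS group to the imported APIs that belong to it."""
    names = {f for _, f in imports}
    return {label: sorted(names & apis) for label, apis in SUSPICIOUS.items()
            if names & apis}


if __name__ == "__main__":
    imps = parse_iat(IAT_DUMP)
    print(f"{len(imps)} imports, imphash {imphash(imps)} "
          f"(matches report: {matches_reported(imps)})")
    for label, apis in triage(imps).items():
        print(f"  {label}: {', '.join(apis)}")
```

Note that VirtualAlloc/VirtualProtect do not appear in the static IAT even though the sandbox flagged read-write-execute allocations, which is consistent with the packer notice: the real working set of APIs is resolved at runtime through LoadLibraryA/GetProcAddress, so the static imphash characterises the packer stub rather than the payload.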

EAT(Export Address Table) Library

0x1001525e DoorrledFgppr


Similarity measure (PE file only): not available (service failure)