Field | Value |
---|---|
Created | 2021.07.28 09:35 |
Machine | s1_win7_x6403 |
Filename | direction.png.exe |
Type | MS-DOS executable, MZ for MS-DOS |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 22 detected (AIDetect, malware1, Hacktool, Krap, kZAA, malicious, high confidence, Artemis, Save, confidence, Attribute, HighConfidence, Kryptik, HLVR, ccnc, Static AI, Malicious PE, Vals, Unsafe) |
md5 | 499200f6a8e223c057c6e16701740721 |
sha256 | d7e64f8e65ce586ce2f0a857810b2a23f85140bf5e52e5a824f09787fb2bf45e |
ssdeep | 3072:SEF7LCAtgVteclWZuw72sQI6ja4IyXBiGqfWOSi7NTk+0UylJm2os4nd41RgVTo6:SEFXKVteapw7SIJ4G9dpNyjmJLsRGPhz |
imphash | d34313ce3555dec95480bcae2d5dea6b |
impfuzzy | 3:sUd1EL/K5sJSx2AEZsEQaxRnAAWBJAME:jOLGnECyRniBJAME |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | PE file header has the IMAGE_FILE_DLL characteristic set | binaries (upload) |
info | IsPE32 | 32-bit PE (optional header magic 0x10b) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x1006206e GetCommandLineW
0x10062072 GetModuleHandleA
0x10062076 VirtualProtectEx
0x1006207a LoadLibraryExA
EAT (Export Address Table) Library
0x1004e30c Opisthotonos
0x1004ef0d Hydrazo
0x1004f133 Overlock
0x1004f962 Automobilist
0x1004ff11 Swampland
0x1005073a Subarachnoid
0x10050a1b Bechained
0x10050aed Unforeseenness
0x100510d9 Incrimination
0x100512d7 Oversystematic
0x10051e20 Shieldless
0x10051f58 Tsarevitch
0x10052094 Torchbearer
0x10052ba4 Moler
0x10053289 Hyperpigmented
0x10053861 Adipous
0x100544c2 Undazzled
0x10054739 Peckishness
0x10054bfd Musophagidae
0x10054c91 Impracticability
0x10054d48 Carcharodon
0x10055e47 Abomine
0x10056267 DllRegisterServer
0x10056458 Brachycranial
0x1005664c Barraclade
0x100573c6 Knag
0x10057f05 Beplaided
0x1005808c Pasqueflower
0x100581c4 Physophorous
0x1005923c Nationalistically
0x100594ed Ineligibly
0x1005984c Antrotome
0x10059ec5 Upways
0x1005a062 Erectility
0x1005a223 DllUnregisterServer
0x1005ac6b Sinnable
0x1005b154 Suomi
0x1005b585 Assessionary
0x1005bd71 Muggins
0x1005c074 Velocipede
0x1005c67b Superedify
0x1005c7ec Sporotrichum
0x1005d155 Petitional
0x1005dbb0 Donee
0x1005dd49 Geullah
0x1005f4d3 Growan
0x10060230 Anilau
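The Rules and Signature rows above (PE_Header_Zero, IsPE32, IsDLL, UPX_Zero, "unknown PE section names") and the IAT/EAT listing are all static header facts that can be re-derived without the sandbox. The following is an added example, not the sandbox's or the report's own code: it implements those header checks with the standard library only and applies two triage heuristics to the import/export names printed above (a kernel32-only loader-style IAT, and COM-registration exports next to a bulk of dictionary-word filler names). The PE bytes it checks are constructed in memory (a header-only PE32 DLL with UPX section names), not the analysed sample; the list of "ordinary" section names and the filler-name heuristic are assumptions.

```python
import struct

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics bit set on DLLs (IsDLL rule)
PE32_MAGIC = 0x10B               # optional-header magic for PE32 (IsPE32 rule)
OPT_HDR_SIZE = 0xE0              # standard PE32 optional header size
SECTION_HDR_SIZE = 40

# Assumption: section names an ordinary linker emits. Anything else trips the
# report's "unknown PE section names" signature (which it labels a possible FP).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".pdata", ".CRT"}
# Imports a decompression/loader stub needs; a tiny IAT built only from these
# is the classic look of a packed image whose real imports are resolved later.
LOADER_IMPORTS = {"VirtualProtect", "VirtualProtectEx", "VirtualAlloc",
                  "LoadLibraryA", "LoadLibraryExA", "GetProcAddress"}


def build_pe(section_names, characteristics, image_base=0x10000000, magic=PE32_MAGIC):
    """Construct a header-only PE in memory (constructed test input, not the
    analysed sample): MZ stub, PE signature, COFF header, optional header and
    one section header per name. That is all the header rules need."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       OPT_HDR_SIZE, characteristics)
    # PE32 optional header: Magic at +0, ImageBase at +28; everything else zeroed.
    opt = struct.pack("<H", magic) + b"\0" * 26 + struct.pack("<I", image_base)
    opt += b"\0" * (OPT_HDR_SIZE - len(opt))
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * (SECTION_HDR_SIZE - 8)
                    for n in section_names)
    return dos + b"PE\0\0" + coff + opt + secs


def check_pe(data):
    """Evaluate PE_Header_Zero, IsPE32, IsDLL, UPX_Zero and the unknown-section
    signature the way the report's rule table lists them."""
    r = {"PE_Header_Zero": False, "IsPE32": False, "IsDLL": False, "UPX_Zero": False,
         "sections": [], "unknown_sections": [], "image_base": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return r
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return r
    r["PE_Header_Zero"] = True
    coff = e_lfanew + 4
    if len(data) < coff + 22:
        return r                      # COFF/optional header cut off
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    r["IsPE32"] = magic == PE32_MAGIC
    r["IsDLL"] = bool(chars & IMAGE_FILE_DLL)
    if r["IsPE32"] and len(data) >= opt + 32:
        r["image_base"] = struct.unpack_from("<I", data, opt + 28)[0]
    sec = opt + opt_size
    if len(data) < sec + SECTION_HDR_SIZE * nsec:
        return r                      # truncated section table: header rules only
    for i in range(nsec):
        raw = data[sec + SECTION_HDR_SIZE * i: sec + SECTION_HDR_SIZE * i + 8]
        r["sections"].append(raw.split(b"\0", 1)[0].decode("latin-1"))
    r["UPX_Zero"] = any(n.startswith("UPX") for n in r["sections"])
    r["unknown_sections"] = [n for n in r["sections"] if n not in KNOWN_SECTIONS]
    return r


def triage_api_tables(imports, exports):
    """Score an IAT/EAT listing as the report prints it. imports: {dll: [api]},
    exports: [name]. Filler-name heuristic (assumption): one capitalised
    dictionary word with no further capitals, unlike real CamelCase API names."""
    all_imports = {a for apis in imports.values() for a in apis}
    loader_only = (set(imports) == {"kernel32.dll"} and len(all_imports) <= 8
                   and bool(all_imports & LOADER_IMPORTS))
    com = [n for n in exports if n in ("DllRegisterServer", "DllUnregisterServer")]
    filler = [n for n in exports if n[:1].isupper() and n[1:].islower()]
    return {"loader_style_iat": loader_only,
            "com_entrypoints": com,             # reachable via regsvr32
            "filler_exports": len(filler),
            "filler_ratio": round(len(filler) / len(exports), 2) if exports else 0.0}


# Constructed inputs: the names are a subset copied from the report's IAT/EAT
# listing; the PE bytes are synthetic, not the analysed sample.
REPORT_IMPORTS = {"kernel32.dll": ["GetCommandLineW", "GetModuleHandleA",
                                   "VirtualProtectEx", "LoadLibraryExA"]}
REPORT_EXPORTS = ["Opisthotonos", "Hydrazo", "Overlock", "Automobilist",
                  "DllRegisterServer", "Swampland", "Subarachnoid",
                  "DllUnregisterServer", "Growan", "Anilau"]
SAMPLE_PE = build_pe(["UPX0", "UPX1", ".rsrc"], 0x0102 | IMAGE_FILE_DLL)

if __name__ == "__main__":
    print(check_pe(SAMPLE_PE))
    print(triage_api_tables(REPORT_IMPORTS, REPORT_EXPORTS))
```

To run the same checks against the real sample, read the file bytes and pass them to `check_pe`; the import and export names can be taken from any PE parser's output in the same `{dll: [api]}` / `[name]` shape. Note that the export addresses listed above all fall in the 0x1000xxxx range, which is the default image base of a 32-bit DLL; together with IsDLL and the DllRegisterServer/DllUnregisterServer exports this is a DLL despite the `.exe` file name, so dynamic analysis of it as a plain executable will not reach the exported entry points.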