Report - PURCHASE ORDER AZAS112.xls.xll

Generic Malware UPX Malicious Library PE64 PE File OS Processor Check DLL
ScreenShot
Created 2021.08.03 10:02 Machine s1_win7_x6401
Filename PURCHASE ORDER AZAS112.xls.xll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score
5
Behavior Score
1.8
ZERO API file : clean
VT API (file) 21 detected (Malicious, score, GenericU, CYRJ, VSNTH221, aeqed, kcloud, Woreflint, DOTHETUK, 59xMQMvn7qc, HggASZkA)
md5 4ebc548df517cae4c7e3122e9c75ede6
sha256 6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
ssdeep 24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm
imphash a31761b5a590c4c499d5f4a347d75c12
impfuzzy 48:aY9xOEttoXyzGpc+pEmM3ij//gja/wTHQL:aY/pttoXyzGpc+pEeVwrQL
  Network IP location

Signature (5cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids



Similarity measure (PE file only) - Checking for service failure