Report - mb.exe

PE File PE32
Created 2021.08.24 12:27
Machine s1_win7_x6401
Filename mb.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 6
Behavior Score 1.6
ZERO API file: malware
VT API (file) 21 detected (malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, GenKryptik, FJKM, PWSX, XPACK, Gen7, Crowti, PWSZbot, Wacatac, GenericRXAA, AgentTesla, Generic@ML, RDML, t9GBgrpNDYyJSsj3XruWag, ZexaF, oqZ@a0JW9iki)
md5 5c2f7d7c59e2651c57690c5e76ebf2a7
sha256 a8e95918b0b89f9c8eddfbea9c211c998719835b2efb91c418d463bda647916e
ssdeep 6144:m+Q/wqo9WFEOuAfL18l22SJUZcBDS4wQiZqZ2:SQ9WpZBa2XUZcBxwdqs
imphash 6ef74f7b87fa15b6df54d064a5b8ef31
impfuzzy 12:SO5JExj78BZGzjgqWZhbZDoA9GScPuGA9R4QwDkM+BsfThpJqE:SOTExjCLrZDonuGA9JwQNunqE

Signature (3cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Terminates another process

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Suricata IDS

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x403000 GetStdHandle
 0x403004 GetCommandLineW
 0x403008 WriteFile
 0x40300c GetLastError
 0x403010 HeapAlloc
 0x403014 HeapFree
 0x403018 GetProcessHeap
 0x40301c WaitForSingleObject
 0x403020 GetCurrentProcess
 0x403024 ExitProcess
 0x403028 GetExitCodeProcess
 0x40302c CreateProcessW
 0x403030 GetWindowsDirectoryW
 0x403034 VirtualProtect
 0x403038 IsWow64Process
 0x40303c FreeLibrary
 0x403040 GetModuleHandleW
 0x403044 GetProcAddress
 0x403048 LoadLibraryExW
 0x40304c LocalFree
 0x403050 GetBinaryTypeW
 0x403054 lstrlenW
 0x403058 WideCharToMultiByte
 0x40305c EnumTimeFormatsW
 0x403060 GetConsoleOutputCP
 0x403064 WriteConsoleW
USER32.dll
 0x40307c LoadStringW
 0x403080 MessageBoxW
ole32.dll
 0x403088 OleInitialize
 0x40308c OleUninitialize
MSVCRT.dll
 0x40306c towlower
 0x403070 malloc
 0x403074 memset

EAT (Export Address Table): none