Report - faster4upusa.exe

PE File PE64
Created 2021.09.06 08:21 Machine s1_win7_x6401
Filename faster4upusa.exe
Type MS-DOS executable, MZ for MS-DOS
AI Score 6
Behavior Score 0.8
ZERO API file : clean
VT API (file)
md5 9eff1fa203474d2c90d490415fd380c9
sha256 df135888390b1095d03f34e73f600e51f27a338503b99794507749340dac7518
ssdeep 12288:a7iuUvUF2Jx92MoBFJ+Vy2S7Y/BQdx3LpYV/Fd9:a7iuUveDJ+V/S8ZOx7pKNd9
imphash caa5e6a2892587c2324418efee31c648
impfuzzy 6:nERGDm14CLPMeTc5suVMlEtiLWvGm3LKRgKLbBnaZr4BSo:EcDm1JL0eTQilnL6LKRgCor4BSo

Signature (3cnts)

Level Description
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32
 0x14013d118 GetModuleHandleA
 0x14013d120 GetProcAddress
WSOCK32.dll
 0x14013d130 WSACleanup
WINMM.dll
 0x14013d140 mixerOpen
VERSION.dll
 0x14013d150 VerQueryValueW
COMCTL32.dll
 0x14013d160 ImageList_Create
PSAPI.DLL
 0x14013d170 GetModuleBaseNameW
USER32.dll
 0x14013d180 GetDC
GDI32.dll
 0x14013d190 BitBlt
COMDLG32.dll
 0x14013d1a0 GetOpenFileNameW
ADVAPI32.dll
 0x14013d1b0 RegCloseKey
SHELL32.dll
 0x14013d1c0 DragFinish
ole32.dll
 0x14013d1d0 CoGetObject
OLEAUT32.dll
 0x14013d1e0 SafeArrayGetLBound

EAT(Export Address Table) is none
Similarity measure (PE file only) - Checking for service failure