Field | Value |
---|---|
Created | 2021.09.06 13:39 |
Machine | s1_win7_x6401 |
Filename | Request for Quote 30-08-2021·pdf.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 33 detected (AIDetect, malware1, WBVB, malicious, high confidence, GenericKD, GuLoader, Unsafe, GenKryptik, VBKrypt, Eldorado, Attribute, HighConfidence, FJSR, Androm, utki, Static AI, Malicious PE, VBObfuse, FDCG, ai score=88, CLASSIC, AvsArher, bTx33N, Behavior, ZevbaF, hm0@a4TW33ji) |
md5 | 612bb2a0321b426e684e268ed72e9776 |
sha256 | 3c5274e97f7c385ed2cebb06a3b0ec49159027b9de3668206044ec4ed52709e5 |
ssdeep | 1536:PWxwIvagrZAyQY754JiXst92OvAdBtG/sPY/A6rE0FXEoekX:P0laGAyQYt4Ji8vhAA/G09EoRX |
imphash | c42d5cd53ab0f6ec2316f135b7a5f0ad |
impfuzzy | 6:HHTNczvDnORq5BBMNeSq8rT/VC1nq4Hn1rnOZTCR6lJU1UUbUtpUWByrLo:nTOfEqKNevoTY1n9H1TEhlaeNt6WBio |
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
watch | Enumerates services |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Downloads a file or document from Google Drive |
notice | Performs some HTTP requests |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | GuLoader_IN | GuLoader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table)
Library | Address | Function |
---|---|---|
MSVBVM60.DLL | 0x401000 | None |
MSVBVM60.DLL | 0x401004 | MethCallEngine |
MSVBVM60.DLL | 0x401008 | None |
MSVBVM60.DLL | 0x40100c | None |
MSVBVM60.DLL | 0x401010 | None |
MSVBVM60.DLL | 0x401014 | None |
MSVBVM60.DLL | 0x401018 | EVENT_SINK_AddRef |
MSVBVM60.DLL | 0x40101c | None |
MSVBVM60.DLL | 0x401020 | DllFunctionCall |
MSVBVM60.DLL | 0x401024 | EVENT_SINK_Release |
MSVBVM60.DLL | 0x401028 | EVENT_SINK_QueryInterface |
MSVBVM60.DLL | 0x40102c | __vbaExceptHandler |
MSVBVM60.DLL | 0x401030 | None |
MSVBVM60.DLL | 0x401034 | None |
MSVBVM60.DLL | 0x401038 | None |
MSVBVM60.DLL | 0x40103c | None |
MSVBVM60.DLL | 0x401040 | None |
MSVBVM60.DLL | 0x401044 | None |
MSVBVM60.DLL | 0x401048 | None |
MSVBVM60.DLL | 0x40104c | None |
MSVBVM60.DLL | 0x401050 | None |
MSVBVM60.DLL | 0x401054 | None |
MSVBVM60.DLL | 0x401058 | None |
MSVBVM60.DLL | 0x40105c | None |
EAT (Export Address Table): none