ScreenShot
| Created | 2021.09.07 14:59 | Machine | s1_win7_x6402 |
| Filename | faster4upusa.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 13 detected (malicious, high confidence, score, Artemis, Static AI, Suspicious PE, AutoIt, SmallAHKDownloader, InvalidSig, confidence, susgen) | ||
| md5 | 9eff1fa203474d2c90d490415fd380c9 | ||
| sha256 | df135888390b1095d03f34e73f600e51f27a338503b99794507749340dac7518 | ||
| ssdeep | 12288:a7iuUvUF2Jx92MoBFJ+Vy2S7Y/BQdx3LpYV/Fd9:a7iuUveDJ+V/S8ZOx7pKNd9 | ||
| imphash | caa5e6a2892587c2324418efee31c648 | ||
| impfuzzy | 6:nERGDm14CLPMeTc5suVMlEtiLWvGm3LKRgKLbBnaZr4BSo:EcDm1JL0eTQilnL6LKRgCor4BSo | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32
0x14013d118 GetModuleHandleA
0x14013d120 GetProcAddress
WSOCK32.dll
0x14013d130 WSACleanup
WINMM.dll
0x14013d140 mixerOpen
VERSION.dll
0x14013d150 VerQueryValueW
COMCTL32.dll
0x14013d160 ImageList_Create
PSAPI.DLL
0x14013d170 GetModuleBaseNameW
USER32.dll
0x14013d180 GetDC
GDI32.dll
0x14013d190 BitBlt
COMDLG32.dll
0x14013d1a0 GetOpenFileNameW
ADVAPI32.dll
0x14013d1b0 RegCloseKey
SHELL32.dll
0x14013d1c0 DragFinish
ole32.dll
0x14013d1d0 CoGetObject
OLEAUT32.dll
0x14013d1e0 SafeArrayGetLBound
EAT(Export Address Table) is none
KERNEL32
0x14013d118 GetModuleHandleA
0x14013d120 GetProcAddress
WSOCK32.dll
0x14013d130 WSACleanup
WINMM.dll
0x14013d140 mixerOpen
VERSION.dll
0x14013d150 VerQueryValueW
COMCTL32.dll
0x14013d160 ImageList_Create
PSAPI.DLL
0x14013d170 GetModuleBaseNameW
USER32.dll
0x14013d180 GetDC
GDI32.dll
0x14013d190 BitBlt
COMDLG32.dll
0x14013d1a0 GetOpenFileNameW
ADVAPI32.dll
0x14013d1b0 RegCloseKey
SHELL32.dll
0x14013d1c0 DragFinish
ole32.dll
0x14013d1d0 CoGetObject
OLEAUT32.dll
0x14013d1e0 SafeArrayGetLBound
EAT(Export Address Table) is none