Field | Value |
---|---|
Created | 2021.09.07 15:11 |
Machine | s1_win7_x6401 |
Filename | ojbabas.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 26 detected (Convagent, DownLoader42, LokiBot, Unsafe, Save, ZexaF, kuW@am8F78mi, Attribute, HighConfidence, Malicious, Androm, utsr, MalwareX, Sirefef, Artemis, Gen2, Kryptik, NetTool, score, Generic@ML, RDML, 4uzG9cMK7z0mk7kpKzyjTw, Static AI, Malicious PE) |
md5 | 04980596d66951166fa2ebfd96c84d22 |
sha256 | 1395a50888b4c73f21c6b5a00af040111af037ec72d49bf6d18609d053be2f82 |
ssdeep | 3072:WXmxKcYFvjNwx7yCYOOOOOIOOOMTYOOOOOIOOOPUUYYUYUYUYUYUYUUYUYUYUYOn:uOcKGglq |
imphash | 1f83362a57e6d6a2f15132c167d7f42c |
impfuzzy | 12:2GqLjPmNSs2MXgBDuXhXnztX7XgBXTXaXklXQnpPBwDh:quNp2WgBYBxTgFbcEXMwd |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | TTiger_Keylogger_IN | TTiger Keylogger | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table)
Library | Address | Function |
---|---|---|
KERNEL32.dll | 0x402010 | WriteFile |
KERNEL32.dll | 0x402014 | FileTimeToSystemTime |
KERNEL32.dll | 0x402018 | VirtualAlloc |
KERNEL32.dll | 0x40201c | VirtualProtect |
KERNEL32.dll | 0x402020 | GetFileInformationByHandle |
MPR.dll | 0x402028 | WNetUseConnectionA |
MPR.dll | 0x40202c | WNetCancelConnection2W |
MPR.dll | 0x402030 | WNetGetLastErrorA |
MPR.dll | 0x402034 | WNetAddConnection3W |
MPR.dll | 0x402038 | WNetGetUniversalNameA |
WINSPOOL.DRV | 0x402048 | EnumMonitorsW |
WINSPOOL.DRV | 0x40204c | None |
WINSPOOL.DRV | 0x402050 | GetPrintProcessorDirectoryA |
WINSPOOL.DRV | 0x402054 | FindNextPrinterChangeNotification |
WINSPOOL.DRV | 0x402058 | EnumPortsA |
WINSPOOL.DRV | 0x40205c | GetJobW |
WINSPOOL.DRV | 0x402060 | AddPortA |
GDI32.dll | 0x402000 | ExtEscape |
GDI32.dll | 0x402004 | Escape |
GDI32.dll | 0x402008 | SetMapperFlags |
msi.dll | 0x402068 | None |
msi.dll | 0x40206c | None |
msi.dll | 0x402070 | None |
USER32.dll | 0x402040 | MessageBoxW |
EAT (Export Address Table): none