ScreenShot
| Created | 2021.09.08 11:22 | Machine | s1_win7_x6401 |
| Filename | judecrypted.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware2, malicious, high confidence, Razy, Unsafe, ZexaF, auW@aCXg6nei, ELIG, Attribute, HighConfidence, Convagent, ccmw, TrojanX, Generic@ML, RDML, CWjK5OM8Br6eNWqPSvxMMA, Generic ML PUA, Tnega, score, ai score=80, BScope, Injects, Static AI, Malicious PE, susgen, confidence) | ||
| md5 | d1afdf5f45a0fe6b6629f82c19e178d1 | ||
| sha256 | 4af8190917a24909ef693b0ebb4766ac546821d2d719d61e420012e2492ab743 | ||
| ssdeep | 192:VH0JH08lZH0yH08lg0dH08lKh1b6jgVU:VCvZNvpvdjE | ||
| imphash | 0162c0d4b083e9259ae3a5f11034f58d | ||
| impfuzzy | 12:UhJRAvy1mPBQ/DXnzKp3XOiqIKSTs2Elowti4LKLLn/MAINcccF:UrRA6s2/Dj0nRuSTHEjXLKLLn+NcccF | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Gorgon_Group_IN | Gorgon Group | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WININET.dll
0x402040 FindFirstUrlCacheEntryExW
0x402044 IncrementUrlCacheHeaderData
0x402048 GetUrlCacheHeaderData
0x40204c FindFirstUrlCacheContainerA
0x402050 FtpRemoveDirectoryW
0x402054 InternetGoOnline
0x402058 GetUrlCacheEntryInfoA
MSACM32.dll
0x40201c acmDriverMessage
0x402020 acmFilterEnumW
RESUTILS.dll
0x402028 ResUtilGetResourceNameDependency
0x40202c ResUtilSetPropertyParameterBlock
0x402030 ResUtilAddUnknownProperties
0x402034 ResUtilFindSzProperty
0x402038 ResUtilStopResourceService
urlmon.dll
0x402068 URLDownloadToFileW
0x40206c HlinkSimpleNavigateToString
0x402070 Extract
0x402074 CoGetClassObjectFromURL
0x402078 URLOpenPullStreamW
0x40207c RegisterMediaTypeClass
COMDLG32.dll
0x402000 GetOpenFileNameA
0x402004 GetOpenFileNameW
0x402008 ReplaceTextA
0x40200c ChooseColorW
0x402010 FindTextW
0x402014 FindTextA
ole32.dll
0x402060 CoInstall
EAT(Export Address Table) is none
WININET.dll
0x402040 FindFirstUrlCacheEntryExW
0x402044 IncrementUrlCacheHeaderData
0x402048 GetUrlCacheHeaderData
0x40204c FindFirstUrlCacheContainerA
0x402050 FtpRemoveDirectoryW
0x402054 InternetGoOnline
0x402058 GetUrlCacheEntryInfoA
MSACM32.dll
0x40201c acmDriverMessage
0x402020 acmFilterEnumW
RESUTILS.dll
0x402028 ResUtilGetResourceNameDependency
0x40202c ResUtilSetPropertyParameterBlock
0x402030 ResUtilAddUnknownProperties
0x402034 ResUtilFindSzProperty
0x402038 ResUtilStopResourceService
urlmon.dll
0x402068 URLDownloadToFileW
0x40206c HlinkSimpleNavigateToString
0x402070 Extract
0x402074 CoGetClassObjectFromURL
0x402078 URLOpenPullStreamW
0x40207c RegisterMediaTypeClass
COMDLG32.dll
0x402000 GetOpenFileNameA
0x402004 GetOpenFileNameW
0x402008 ReplaceTextA
0x40200c ChooseColorW
0x402010 FindTextW
0x402014 FindTextA
ole32.dll
0x402060 CoInstall
EAT(Export Address Table) is none