Field | Value |
---|---|
Created | 2021.09.08 17:35 |
Machine | s1_win7_x6401 |
Filename | obn.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 22 detected (malicious, high confidence, Razy, Unsafe, ZexaF, auW@a8oJvyci, Threat, HLLSI, based, Maximus, Generic@ML, RDML, Sjzmfu2ZAy27Gdfpkb+aQA, Static AI, Suspicious PE, susgen, ai score=86, Phonzy, score, BScope, Injects, confidence) |
md5 | 4f4126b538d7862b2bc1c7c1513d2a18 |
sha256 | 64504291d0c7a200389df304fa4b88452110ead9cab7de1713393399be8b70d9 |
ssdeep | 192:KH0JH08lYH0yH08lg07H08lVQWF9I5oWUD:KCvYNvXv1K2 |
imphash | 5aac9416dafd435c25e06c0aaa4273a3 |
impfuzzy | 24:OjRAKsQ7lyWkZk+Czk9lz6D2n7jdN2xwd:OjLBlwQzk9lz6D2n/dNyW |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x402000 EnumResourceTypesA
RPCRT4.dll
0x402008 RpcRevertToSelf
0x40200c NdrCorrelationInitialize
SETUPAPI.dll
0x402014 SetupGetSourceFileLocationW
0x402018 SetupDiSetClassInstallParamsW
0x40201c SetupDiOpenDeviceInfoA
0x402020 SetupDiGetSelectedDriverW
0x402024 SetupDiDrawMiniIcon
0x402028 SetupSetSourceListA
WSOCK32.dll
0x402078 getsockname
0x40207c ord1114
0x402080 getprotobynumber
0x402084 getservbyname
0x402088 ord1110
0x40208c gethostbyaddr
0x402090 socket
0x402094 WSASetLastError
WINMM.dll
0x402058 waveOutGetPosition
0x40205c mmioSetBuffer
0x402060 WOW32DriverCallback
0x402064 midiStreamPause
0x402068 midiInOpen
0x40206c mxd32Message
0x402070 joyGetDevCapsW
rtutils.dll
0x40209c TraceDeregisterA
0x4020a0 RouterLogRegisterW
0x4020a4 TraceVprintfExW
0x4020a8 LogErrorW
0x4020ac MprSetupProtocolFree
WININET.dll
0x402038 HttpSendRequestW
0x40203c DeleteUrlCacheContainerA
0x402040 FindFirstUrlCacheContainerA
0x402044 InternetAttemptConnect
0x402048 HttpAddRequestHeadersW
0x40204c InternetOpenUrlW
0x402050 DeleteIE3Cache
USER32.dll
0x402030 MessageBoxW
EAT (Export Address Table): none