Field | Value |
---|---|
Created | 2021.09.25 16:59 |
Machine | s1_win7_x6401 |
Filename | file8.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 31 detected (malicious, high confidence, Fugrafa, Unsafe, Save, confidence, 100%, ZexaF, tvW@ay7LHmii, Predapa, FileRepMetagen, Generic@ML, RDML, GeQnmO8V9GTiFOzRWtxpag, A + Mal, EncPk, Emotet, Static AI, Suspicious PE, ai score=85, kcloud, Predator, score, Artemis, susgen, Kryptik, HMLF) |
md5 | 3146709a424c7546aa78d89159618da8 |
sha256 | 7a5a953b328eddffbd69d55bc2d6626c353bcef9a9a9f4efec49cdaa7ac601ac |
ssdeep | 24576:vtbjtrDHCMuhiGazgrPNpuNUVL2r7cFhI8PRNdmaMdk0vT3ek:VjZTCiGacPNpKg9mDL |
imphash | 240ad64b1428ff5f353dd3a63c168d80 |
impfuzzy | 12:mDoAPqTunJPt2mU2+0KjAOCKcSXWh6RSNX95Sza1n:mDoWJPtRU5P/zckvRC95/l |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x542800 GetProcAddress
0x542804 LoadLibraryA
0x542808 VirtualAlloc
0x54280c VirtualProtect
0x542810 GetCurrentThread
0x542814 GetProcessId
0x542818 GetLastError
0x54281c GetTickCount
user32.dll
0x54283c ReleaseCapture
0x542840 ReleaseDC
0x542844 GetCursorInfo
0x542848 GetCaretBlinkTime
0x54284c GetCapture
winmm.dll
0x542854 midiInReset
winspool.drv
0x54285c DevQueryPrintEx
ole32.dll
0x54282c OleConvertOLESTREAMToIStorage
winspool.drv
0x5500d2 ConvertAnsiDevModeToUnicodeDevmode
msimg32.dll
0x5520d1 TransparentBlt
EAT(Export Address Table) Library
0x4555f6 GetClass