Report - CLoader.exe

Tags: Anti_VM, Malicious Library, PE File, PE32
Created: 2021.10.08 13:29
Machine: s1_win7_x6401
Filename: CLoader.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 1.2
ZERO API file: malware
VT API (file): 24 detected (malicious, high confidence, Conjar, confidence, Attribute, HighConfidence, GenKryptik, FKNU, Static AI, Malicious PE, AGEN, ai score=84, Pucrpt, score, R442079, BScope, Wacatac, FKJF, ZexaF, @p0@aubcFlp)
md5: 5358e3c10a13dacc3c34d118abf7fac9
sha256: 4bc7273fd8a64f28cf0d3fd6bde139e7d53a754fe798478ae48d96840402cce4
ssdeep: 196608:gQeiliL0t03LyR0Qk9MA2S1bbD0fZhYG7i:iILtGLyHZVWbbD03u
imphash: 140094f13383e9ae168c4b35b6af3356
impfuzzy: 3:ssDhBAtJ1MO/OywSdop3JzsSxqEsSx2ASAy0JS9KTXzhAXw+cazdX0JEBJJJITpe:/1BOZ/OcoBLSRGDGhFJI59OwZJqBs0JD
Network IP location

Signature (2cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule
(no entries)

Suricata ids

PE API

IAT (Import Address Table)

kernel32.dll
 0x100b0a0 CreateThread
 0x100b0a4 ExitProcess
 0x100b0a8 GetComputerNameA
 0x100b0ac GetModuleFileNameA
 0x100b0b0 GetModuleHandleW
 0x100b0b4 GetProcAddress
 0x100b0b8 SetErrorMode
 0x100b0bc Sleep
 0x100b0c0 VirtualAllocExNuma
Shlwapi.dll
 0x100b16c PathFindFileNameA
msvcrt.dll
 0x100b1a4 malloc
 0x100b1a8 free
 0x100b1ac memset
 0x100b1b0 strcmp
 0x100b1b4 _strcmpi
 0x100b1b8 strcpy

EAT (Export Address Table): none
