popup

Report - WD10.exe

Generic Malware PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.12 10:22 Machine s1_win7_x6402
Filename WD10.exe
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
AI Score
4
 Behavior Score
5.8
ZERO API file : malware
VT API (file) 36 detected (Zlugin, malicious, high confidence, GenericKD, Artemis, Unsafe, Kryptik, ACRC, Lmuf, AGEN, ai score=82, AgentTesla, score, R002C0WJ921, Static AI, Malicious PE, confidence)
md5 a5959a6624804559383ef7244c3f6d34
sha256 6297e12930d76a5cfb6a06b365e417bea872a22160a6e4cfa34f0c37dc7e14ee
ssdeep 12288:v0mwW6kqR9fz9zzQaiJBQ6w9UTecgU8PmLq:v0zbkqRJ9z8vJC6nTzT87
imphash
impfuzzy 3::
  Network IP location

Signature (14cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Creates or sets a registry key to a long series of bytes
watch Installs itself for autorun at Windows startup
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates executable files on the filesystem
notice One or more potentially interesting buffers were extracted
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info Queries for the computername
info Uses Windows APIs to generate a cryptographic key

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
103.133.110.241
whois
VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP 103.133.110.241 clean
195.133.18.117
whois
RU Domain names registrar REG.RU, Ltd 195.133.18.117 clean

Suricata ids

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure