Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.10.13 19:45	Machine	s1_win7_x6402
Filename	lol.exe
Type	PE32+ executable (console) x86-64, for MS Windows
AI Score	Not founds	Behavior Score	2.0
ZERO API	file : clean
VT API (file)	43 detected (CoinMiner, malicious, high confidence, GenericKD, Unsafe, Tool, Save, Miners, MHFI, R023H0CGC21, RiskTool, FileRepMalware, Miner, ApplicUnwnt@#ke2es169u7t9, Artemis, Generic PUA BP, Static AI, Malicious PE, ai score=85, score, Miner3, BitCoinMiner, susgen)
md5	57d14b0c79cc490a7c5511b6600976dc
sha256	8b013143e211b4a6d40fae6b44fed792bbb2857ebfc2b5e0fff383d183f93f67
ssdeep	98304:O33c4mPCbBr/y6Shf8tH3iT0/UNlwgOw5alXOm/+w/A6irhLdNqZ/N:kc4UCl/YfZ4/UNmg/5I/0rhL6T
imphash	46c33c2ddb9269495943f4bbe9ce669d
impfuzzy	6:omRg/GVKXKBJAEoZ/OEGDzyRkNTaYDML1KcA5PJ:omRg/WdABZG/DzDZ5PJ

Network IP location

Signature (3cnts)

Level	Description
danger	File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	The executable is compressed using UPX

Rules (3cnts)

Level	Name	Description	Collection
watch	UPX_Zero	UPX packed file	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
0x1422bc2a4 RegCloseKey
crypt.dll
0x1422bc2b4 BCryptGenRandom
CRYPT32.dll
0x1422bc2c4 CertOpenStore
KERNEL32.DLL
0x1422bc2d4 LoadLibraryA
0x1422bc2dc ExitProcess
0x1422bc2e4 GetProcAddress
0x1422bc2ec VirtualProtect
MSWSOCK.dll
0x1422bc2fc AcceptEx
OpenCL.dll
0x1422bc30c clRetainEvent
SETUPAPI.dll
0x1422bc31c SetupDiGetClassDevsA
USER32.dll
0x1422bc32c ShowWindow
WS2_32.dll
0x1422bc33c ntohl

EAT(Export Address Table) is none

Report - lol.exe

Signature (3cnts)

Rules (3cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure