Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.10.18 09:40	Machine	s1_win7_x6402
Filename	lv.exe
Type	PE32+ executable (GUI) x86-64, for MS Windows
AI Score	6	Behavior Score	2.2
ZERO API	file : malware
VT API (file)	29 detected (malicious, high confidence, Mikey, GenericRI, S22849637, Unsafe, Save, confidence, ClipBanker, Eldorado, Themida, L suspicious, Scrop, DropperX, Score, ai score=86, Sabsik, Static AI, Malicious PE, susgen)
md5	3eceac4a10a0ab1d4d87b8801eeb29c1
sha256	5fb8396d03cee9764c93ff69af0add623e125020975259663e19ad52eceef03d
ssdeep	49152:mNXOafI8Zro5LbnHPLwT3qDPJuYeJ5VE+fnrn7cLMbou8Io3Nco7gcxoSLfrvN0S:UAYropnjw72QhP98lA+DDmPADONLyzX
imphash	106f3d3e521ab0377bf478b03f3dd87b
impfuzzy	3:sUx2AEJt/M1KgK32bWmAgYbRA2yLMRMExAnmqMElB:nEJt/MN1bK19ycP3ED

Network IP location

Signature (5cnts)

Level	Description
warning	File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level	Name	Description	Collection
warning	themida_packer	themida packer	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x14002f108 GetModuleHandleA
USER32.dll
0x14002f118 DefWindowProcW
SHELL32.dll
0x14002f128 SHGetSpecialFolderPathW
ole32.dll
0x14002f138 CoInitializeEx
OLEAUT32.dll
0x14002f148 VariantInit

EAT(Export Address Table) is none

Report - lv.exe

Signature (5cnts)

Rules (3cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure