Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.10.18 09:52	Machine	s1_win7_x6402
Filename	lv.exe
Type	PE32+ executable (GUI) x86-64, for MS Windows
AI Score	6	Behavior Score	2.8
ZERO API	file : malware
VT API (file)	30 detected (malicious, high confidence, Razy, GenericRI, S22849637, Artemis, Unsafe, Save, ClipBanker, Eldorado, Themida, L suspicious, Scrop, DropperX, Generic ML PUA, Score, ai score=85, Sabsik, Static AI, Suspicious PE)
md5	e8719fad9816c40755e1c4821650e14b
sha256	0d6c6aa72b119b2bc82d377602bfbcebf9f71393c31d2d6b34643adf50f6e82f
ssdeep	98304:aSyqHFt/qr04owuG4ZCSmT+wVzl/HKhO:aSvn/twuG4ZCShwtl/H
imphash	106f3d3e521ab0377bf478b03f3dd87b
impfuzzy	3:sUx2AEJt/M1KgK32bWmAgYbRA2yLMRMExAnmqMElB:nEJt/MN1bK19ycP3ED

Network IP location

Signature (6cnts)

Level	Description
danger	File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level	Name	Description	Collection
warning	themida_packer	themida packer	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x14002f108 GetModuleHandleA
USER32.dll
0x14002f118 DefWindowProcW
SHELL32.dll
0x14002f128 SHGetSpecialFolderPathW
ole32.dll
0x14002f138 CoInitializeEx
OLEAUT32.dll
0x14002f148 VariantInit

EAT(Export Address Table) is none

Report - lv.exe

Signature (6cnts)

Rules (3cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure