Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.10.19 09:45	Machine	s1_win7_x6402
Filename	lv.exe
Type	PE32+ executable (GUI) x86-64, for MS Windows
AI Score	6	Behavior Score	2.6
ZERO API	file : clean
VT API (file)	27 detected (malicious, high confidence, Mikey, GenericRI, S22849637, Unsafe, Save, ClipBanker, Eldorado, Themida, L suspicious, Scrop, DropperX, Static AI, Malicious PE, ai score=80, Sabsik, score, susgen)
md5	75970d264d08b42ae47cfd3df6c9a3f4
sha256	11fdbe2236bf19e33ed519b4f2759e3573da8560096ca1b5d9c090f8fec70575
ssdeep	98304:BAde8/9zaRNHU3Uok1Dc/Oxfx7Xw5NczM5OfNpZYEu:BwFVI0EFcWx05NcQNr
imphash	106f3d3e521ab0377bf478b03f3dd87b
impfuzzy	3:sUx2AEJt/M1KgK32bWmAgYbRA2yLMRMExAnmqMElB:nEJt/MN1bK19ycP3ED

Network IP location

Signature (6cnts)

Level	Description
warning	File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level	Name	Description	Collection
warning	themida_packer	themida packer	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x14002f108 GetModuleHandleA
USER32.dll
0x14002f118 DefWindowProcW
SHELL32.dll
0x14002f128 SHGetSpecialFolderPathW
ole32.dll
0x14002f138 CoInitializeEx
OLEAUT32.dll
0x14002f148 VariantInit

EAT(Export Address Table) is none

Report - lv.exe

Signature (6cnts)

Rules (3cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure