popup

Report - lv.exe

Themida Packer PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.22 09:16 Machine s1_win7_x6403
Filename lv.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
6
 Behavior Score
2.4
ZERO API file : clean
VT API (file) 34 detected (malicious, high confidence, Mikey, GenericRI, S22849637, Unsafe, Save, Eldorado, Themida, L suspicious, Scrop, DropperX, Static AI, Malicious PE, ai score=85, Sabsik, score, Artemis, ClipBanker, susgen, confidence)
md5 7d4a4b1e6c40323bb0c3c86da4c185d5
sha256 8725e5ff2dde91cb1a5424ddeea253b3f3e1b59b46ac3142c22ad5ccd4e22914
ssdeep 98304:LdEr/e+/uk9hPRSfBQIowE5ZllpMdu+GgAri:LCq4QBQIOpaSri
imphash 106f3d3e521ab0377bf478b03f3dd87b
impfuzzy 3:sUx2AEJt/M1KgK32bWmAgYbRA2yLMRMExAnmqMElB:nEJt/MN1bK19ycP3ED
  Network IP location

Signature (5cnts)

Level Description
danger File has been identified by 34 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level Name Description Collection
warning themida_packer themida packer binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x14002f108 GetModuleHandleA
USER32.dll
 0x14002f118 DefWindowProcW
SHELL32.dll
 0x14002f128 SHGetSpecialFolderPathW
ole32.dll
 0x14002f138 CoInitializeEx
OLEAUT32.dll
 0x14002f148 VariantInit

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure