popup

Report - sold.exe

Generic Malware PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.11.03 17:17 Machine s1_win7_x6403
Filename sold.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
4
 Behavior Score
1.6
ZERO API file : clean
VT API (file) 43 detected (Donut, malicious, high confidence, score, GenericKDZ, Unsafe, Eldorado, FileRepMalware, Gencirc, InjectNET, Fujacks, mxvxe, ASMalwS, Sabsik, R444976, GenericRXAA, ai score=85, R002H0CJS21, confidence, 100%)
md5 0ea242160e0b415f8a4713cbaba9e473
sha256 991a018f820da2612375d9c0a38ff605ff02f0f20132f2cea18b66ab11f6a193
ssdeep 49152:dyWVWerzT9OCV6dt7H8wfGP5tLfjwn7rY+TXk5gZGL4:dyWQy5OCVCt4wfGzLiE+gsGL
imphash 02549ff92b49cce693542fc9afb10102
impfuzzy 6:HMJqX0syYJxSBS0H5sD4sIWvXoFliPEcn:sJqGMY58E6PXn
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (3cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x5f3b6c malloc
 0x5f3b74 memset
 0x5f3b7c _get_pgmptr
 0x5f3b84 getenv
 0x5f3b8c sprintf
 0x5f3b94 __argc
 0x5f3b9c __argv
 0x5f3ba4 _environ
 0x5f3bac _XcptFilter
 0x5f3bb4 __set_app_type
 0x5f3bbc _controlfp
 0x5f3bc4 __getmainargs
 0x5f3bcc exit
kernel32.dll
 0x5f3bdc Sleep
 0x5f3be4 CreateProcessA
 0x5f3bec SetUnhandledExceptionFilter

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure