Report - j.exe

Generic Malware PE64 PE File
Created 2021.11.07 09:46 Machine s1_win7_x6401
Filename j.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score 3
Behavior Score 1.8
ZERO API file : clean
VT API (file) 39 detected (malicious, high confidence, GenericKDZ, Unsafe, Eldorado, R002H0CK521, FileRepMalware, Woqd, Fujacks, Donut, Score, ai score=81, kcloud, Sabsik, Phonzy, R444976, Artemis, Outbreak, confidence)
md5 6c1bf5fd5e33a68d980525c71cacf1d8
sha256 cdcb49e671a1fc4d502a52055b1af6c7addf6471b609fc0b827ba16c1fb4689b
ssdeep 49152:LIzdwHzLFa+ha58m3bHo1YxUQgOwCLutDsYVJZ:0z23Fi51Lg/CLutLVH
imphash 02549ff92b49cce693542fc9afb10102
impfuzzy 6:HMJqX0syYJxSBS0H5sD4sIWvXoFliPEcn:sJqGMY58E6PXn

Signature (3cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious.
notice A process attempted to delay the analysis task.
notice The binary likely contains encrypted or compressed data indicative of a packer.

Rules (3cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT (Import Address Table) Library

msvcrt.dll
 0x622d6c malloc
 0x622d74 memset
 0x622d7c _get_pgmptr
 0x622d84 getenv
 0x622d8c sprintf
 0x622d94 __argc
 0x622d9c __argv
 0x622da4 _environ
 0x622dac _XcptFilter
 0x622db4 __set_app_type
 0x622dbc _controlfp
 0x622dc4 __getmainargs
 0x622dcc exit
kernel32.dll
 0x622ddc Sleep
 0x622de4 CreateProcessA
 0x622dec SetUnhandledExceptionFilter

EAT (Export Address Table): none
