Field | Value |
---|---|
Created | 2021.11.10 08:12 |
Machine | s1_win7_x6401 |
Filename | prof-eth.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 19 detected (malicious, high confidence, Unsafe, VMProtect, Sabsik, score, Artemis, Static AI, Suspicious PE, susgen, Behavior) |
md5 | 4151ed1d9fe87cc363b01e33a162395d |
sha256 | caaf5afd05109a9523e59ceb6a07d1ba16052b6ea564697c901fe9bc6aba5c86 |
ssdeep | 196608:pxqSvkr/SNYQEwgVgANoIWfYuFudDsMXxMBz:pxq6gSLEZbogAMXxM |
imphash | 2e94efa8721780d16bef6f247a11963d |
impfuzzy | 12:sJbwfP9qZGoQtXJxZGb9AJcDfA5kLfP9m:okaQtXJHc9NDI5Q8 |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
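The two packer signatures above (unknown section names, encrypted or compressed data) are static heuristics over the PE section table. The script below is an added example, not the sandbox's own code: it walks the COFF section table of a PE image and flags sections whose name is not in a linker-default allow list or whose Shannon entropy is near 8 bits/byte. The allow list, the 7.0 threshold and the minimal PE32+ image it is run on (one ordinary `.text` section and one `.vmp0` section filled with pseudo-random bytes) are all constructed for the example; as the report itself notes, a section-name hit alone can be a false positive, which is why the two heuristics are reported separately.

```python
"""Packer heuristics behind the 'unknown PE section names' and
'encrypted or compressed data' signatures.  Added example, not the
sandbox's code.  Runs on a minimal PE32+ image constructed below."""
import hashlib
import math
import struct

# Section names an MSVC/MinGW link normally emits (assumed allow list).
KNOWN_SECTIONS = {b".text", b".rdata", b".data", b".pdata", b".bss", b".idata",
                  b".edata", b".rsrc", b".reloc", b".tls", b".CRT", b".xdata"}
ENTROPY_THRESHOLD = 7.0   # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """Return [(name, PointerToRawData, SizeOfRawData)] from the section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    nsections, opt_size = struct.unpack_from("<H12xH", image, coff + 2)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, _vsize, _va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + i * 40)
        sections.append((name.rstrip(b"\0"), rawptr, rawsize))
    return sections


def packer_hints(image: bytes):
    """One hint string per heuristic hit; empty list for an unremarkable binary."""
    hints = []
    for name, off, size in parse_sections(image):
        ent = shannon_entropy(image[off:off + size])
        if name not in KNOWN_SECTIONS:
            hints.append(f"unknown section name {name!r}")
        if ent >= ENTROPY_THRESHOLD and size >= 256:   # ignore tiny sections
            hints.append(f"high entropy {ent:.2f} in {name!r}")
    return hints


def build_sample_image() -> bytes:
    """Constructed minimal PE32+ image (not a real sample): a low-entropy .text
    section plus a '.vmp0'-named section of pseudo-random bytes."""
    text = b"\x90" * 500 + b"\xc3" * 12                                    # 512 bytes
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 bytes
    img = bytearray(0x800)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x44, 0x8664, 2, 240, 0x22)  # x64, 2 sections
    struct.pack_into("<H", img, 0x58, 0x20B)                # optional header Magic = PE32+
    table = 0x44 + 20 + 240
    layout = [(b".text", 0x1000, 0x200, 0x200), (b".vmp0", 0x2000, 0x400, 0x400)]
    for i, (name, va, ptr, size) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", img, table + i * 40,
                         name, size, va, size, ptr, 0, 0, 0, 0, 0x60000020)
    img[0x200:0x400] = text
    img[0x400:0x800] = blob
    return bytes(img)


if __name__ == "__main__":
    for hint in packer_hints(build_sample_image()):
        print(hint)
```

Run against a real sample, swap `build_sample_image()` for the file contents; the entropy check fires on genuinely packed or encrypted sections, while the name check is only a prompt to look closer.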
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0xe54000 malloc
kernel32.dll
0xe54010 Sleep
WTSAPI32.dll
0xe54020 WTSSendMessageW
kernel32.dll
0xe54030 GetSystemTimeAsFileTime
USER32.dll
0xe54040 GetUserObjectInformationW
kernel32.dll
0xe54050 LocalAlloc
0xe54058 LocalFree
0xe54060 GetModuleFileNameW
0xe54068 GetProcessAffinityMask
0xe54070 SetProcessAffinityMask
0xe54078 SetThreadAffinityMask
0xe54080 Sleep
0xe54088 ExitProcess
0xe54090 FreeLibrary
0xe54098 LoadLibraryA
0xe540a0 GetModuleHandleA
0xe540a8 GetProcAddress
USER32.dll
0xe540b8 GetProcessWindowStation
0xe540c0 GetUserObjectInformationW
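The IAT above is unusually fragmented: kernel32.dll and USER32.dll each appear as several separate import descriptors, some with a single function, and `Sleep` and `GetUserObjectInformationW` are imported twice. The script below is an added example, not the sandbox's code: it recomputes the imphash the same way pefile does (lowercased `lib.func` strings in descriptor order, library extension stripped, MD5 over the comma-joined list) from the listing transcribed above, and measures the fragmentation. It assumes the display order is the import-descriptor order and that the listing is complete; if either assumption fails the computed hash will not match the report's imphash, which is itself a useful check on how the listing was produced.

```python
"""Recompute the imphash from the IAT listing in this report and measure how
fragmented the import directory is.  Added example, not the sandbox's code.
Assumes the report lists descriptors in their on-disk order."""
import hashlib

# Transcribed from the report: a new descriptor starts each time a library
# line repeats in the listing.
IAT = [
    ("msvcrt.dll", ["malloc"]),
    ("kernel32.dll", ["Sleep"]),
    ("WTSAPI32.dll", ["WTSSendMessageW"]),
    ("kernel32.dll", ["GetSystemTimeAsFileTime"]),
    ("USER32.dll", ["GetUserObjectInformationW"]),
    ("kernel32.dll", ["LocalAlloc", "LocalFree", "GetModuleFileNameW",
                      "GetProcessAffinityMask", "SetProcessAffinityMask",
                      "SetThreadAffinityMask", "Sleep", "ExitProcess",
                      "FreeLibrary", "LoadLibraryA", "GetModuleHandleA",
                      "GetProcAddress"]),
    ("USER32.dll", ["GetProcessWindowStation", "GetUserObjectInformationW"]),
]
REPORT_IMPHASH = "2e94efa8721780d16bef6f247a11963d"   # value from the report header


def imphash_string(iat):
    """The string pefile hashes: 'lib.func' per import, lowercased, in
    descriptor order, with .dll/.ocx/.sys stripped from the library name."""
    parts = []
    for lib, funcs in iat:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(iat):
    """MD5 of the imphash string; order-sensitive, so a reordered IAT differs."""
    return hashlib.md5(imphash_string(iat).encode()).hexdigest()


def fragmentation(iat):
    """Descriptors per distinct library.  A normal linker emits one descriptor
    per DLL (1.0); several per DLL is what import protection tends to leave."""
    libs = [lib.lower() for lib, _ in iat]
    return len(libs) / len(set(libs))


def duplicated_imports(iat):
    """Functions imported more than once from the same library."""
    seen, dups = set(), []
    for lib, funcs in iat:
        for f in funcs:
            key = (lib.lower(), f)
            if key in seen and f not in dups:
                dups.append(f)
            seen.add(key)
    return dups


if __name__ == "__main__":
    print(imphash_string(IAT))
    print("computed imphash:", imphash(IAT))
    print("report imphash:  ", REPORT_IMPHASH)
    print(f"descriptors per library: {fragmentation(IAT):.2f}")
    print("duplicated imports:", duplicated_imports(IAT))
```

Because the imphash covers only the names and their order, two VMProtect-wrapped binaries with the same import stub layout share an imphash regardless of the protected payload, so a match on this value clusters the protector's output as much as the malware family; treat it as a pivot, not an identity.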
EAT(Export Address Table) Library