popup

Report - sold.exe

Generic Malware PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.11.12 10:40 Machine s1_win7_x6401
Filename sold.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
4
 Behavior Score
1.6
ZERO API file : clean
VT API (file) 48 detected (Donut, malicious, high confidence, InjectNET, GenericKDZ, Unsafe, confidence, 100%, Eldorado, R049C0WK721, FileRepMalware, Gencirc, Fujacks, Score, yqrtm, ASMalwS, Sabsik, R444976, GenericRXAA, ai score=85, S59bWASC18c)
md5 5c16f7fdeb2a95b5bdbecd54a8b6d4e0
sha256 e4d73b9ed43ca2a614ab2881de6548abc0fb4febdc0b8944dc9014f62c3693ad
ssdeep 49152:DFGqGcUtGesDKszfrwmlWzUapTCJ4RJmjc:xp5X/5kfB
imphash 02549ff92b49cce693542fc9afb10102
impfuzzy 6:HMJqX0syYJxSBS0H5sD4sIWvXoFliPEcn:sJqGMY58E6PXn
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (3cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x5f3d6c malloc
 0x5f3d74 memset
 0x5f3d7c _get_pgmptr
 0x5f3d84 getenv
 0x5f3d8c sprintf
 0x5f3d94 __argc
 0x5f3d9c __argv
 0x5f3da4 _environ
 0x5f3dac _XcptFilter
 0x5f3db4 __set_app_type
 0x5f3dbc _controlfp
 0x5f3dc4 __getmainargs
 0x5f3dcc exit
kernel32.dll
 0x5f3ddc Sleep
 0x5f3de4 CreateProcessA
 0x5f3dec SetUnhandledExceptionFilter

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure