ScreenShot
| Created | 2022.01.19 14:04 | Machine | s1_win7_x6403 |
| Filename | HpsrSpoofer3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (AIDetect, malware2, malicious, high confidence, DownLoader44, ExNuma, Unsafe, CoinMiner, ali1002002, Attribute, HighConfidence, Kryptik, HNPY, R002C0DAF22, TrojanX, Bitmin, Wqwq, Shohdi, susgen, AGEN, ai score=82, ASMalwS, Pucrpt, score, R442079, Artemis, BScope, AsyncRAT, Crysan, CLOUD, kTD9kmKQlXs, Static AI, Malicious PE, GdSda, confidence) | ||
| md5 | db1cb546c05ce3a129d921d3e2044aca | ||
| sha256 | c5be50845a1334b41d84c2e7c2af537a5bff45d815c48d1b7221a0c8f238398d | ||
| ssdeep | 24576:wzIu9DVeks7PSQYx4h7k8yX3nijRpyRfktSKnzQJHkvvKsuLVD3GFXGAY4d3G77S:YWkKKQYx4uighwvvvBIVDlG3GRow1A | ||
| imphash | 140094f13383e9ae168c4b35b6af3356 | ||
| impfuzzy | 3:ssDhBAtJ1MO/OywSdop3JzsSxqEsSx2ASAy0JS9KTXzhAXw+cazdX0JEBJJJITpe:/1BOZ/OcoBLSRGDGhFJI59OwZJqBs0JD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x5920a0 CreateThread
0x5920a4 ExitProcess
0x5920a8 GetComputerNameA
0x5920ac GetModuleFileNameA
0x5920b0 GetModuleHandleW
0x5920b4 GetProcAddress
0x5920b8 SetErrorMode
0x5920bc Sleep
0x5920c0 VirtualAllocExNuma
Shlwapi.dll
0x59216c PathFindFileNameA
msvcrt.dll
0x5921a4 malloc
0x5921a8 free
0x5921ac memset
0x5921b0 strcmp
0x5921b4 _strcmpi
0x5921b8 strcpy
EAT(Export Address Table) is none
kernel32.dll
0x5920a0 CreateThread
0x5920a4 ExitProcess
0x5920a8 GetComputerNameA
0x5920ac GetModuleFileNameA
0x5920b0 GetModuleHandleW
0x5920b4 GetProcAddress
0x5920b8 SetErrorMode
0x5920bc Sleep
0x5920c0 VirtualAllocExNuma
Shlwapi.dll
0x59216c PathFindFileNameA
msvcrt.dll
0x5921a4 malloc
0x5921a8 free
0x5921ac memset
0x5921b0 strcmp
0x5921b4 _strcmpi
0x5921b8 strcpy
EAT(Export Address Table) is none