| Field | Value |
|---|---|
| Created | 2022.03.25 10:19 |
| Machine | s1_win7_x6402 |
| Filename | 듐乖섬.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 18 detected (AIDetect, malware2, lKna, Artemis, malicious, Agentb, high, score, VMProtBad, Static AI, Malicious PE, ecmu, Kryptik, HK@susp, ZexaF, eI2@aKwA0Aij, confidence) |
| md5 | 156b4f5c31201bc945b2b3ceb95e0c5a |
| sha256 | b9d0e6a73f63d4f9e77b7640934ffd3268454052fbf942ed9f9779b45c55430f |
| ssdeep | 49152:RqzkN5m+wboqfrpBRmTnbhT4CwEGRyz1ZzSV9ojG/01Nln4i:RqwN5mxwTbhc9RyzfuMjGMjln4i |
| imphash | 9c97554380144d364a9f114ec24d74d8 |
| impfuzzy | 12:bz3DWpy2M4TFEEwcmE281EOgN+2gWpo6tyBaM7iXu41jAgZGCZB:bz3qwoZGOgszWiMSQz/B |
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
watch | Detects VMWare through the in instruction feature |
watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is likely packed with VMProtect |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x72b400 GetTickCount
ADVAPI32.dll
0x72b408 RegDeleteKeyA
COMCTL32.dll
0x72b410 ImageList_GetIconSize
COMDLG32.dll
0x72b418 GetFileTitleA
GDI32.dll
0x72b420 GetTextExtentPoint32A
gdiplus.dll
0x72b428 GdipGetImageHeight
IMM32.dll
0x72b430 ImmGetOpenStatus
MSIMG32.dll
0x72b438 TransparentBlt
ole32.dll
0x72b440 OleCreateMenuDescriptor
OLEACC.dll
0x72b448 LresultFromObject
OLEAUT32.dll
0x72b450 SysStringLen
SHELL32.dll
0x72b458 SHGetPathFromIDListA
SHLWAPI.dll
0x72b460 PathIsUNCA
USER32.dll
0x72b468 EndDeferWindowPos
WINMM.dll
0x72b470 PlaySoundA
WINSPOOL.DRV
0x72b478 OpenPrinterA
KERNEL32.DLL
0x72b480 GetModuleFileNameW
KERNEL32.DLL
0x72b488 GetModuleHandleA
0x72b48c LoadLibraryA
0x72b490 LocalAlloc
0x72b494 LocalFree
0x72b498 GetModuleFileNameA
0x72b49c ExitProcess
EAT(Export Address Table) is none