Field | Value |
---|---|
Created | 2022.07.01 18:12 |
Machine | s1_win7_x6403 |
Filename | resiger.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 51 detected (AIDetect, malware1, Hacktool, mzvW, malicious, high confidence, score, Unsafe, Save, confidence, 100%, Droma, Eldorado, Attribute, HighConfidence, NoobyProtect, aedp, GenericKD, Ljki, Amtar, KNB@4wlm66, AsyncRATNET, PWSZbot, high, Static AI, Malicious PE, AGEN, ai score=82, kcloud, Sabsik, R480150, TScope, Generic@AI, RDMK, HnWZroXS9+dGMXI9TuDqoA, GenAsa, ZU9DiP7n6KA, susgen, ZexaF, 0u0@amhLiRp) |
md5 | 3578aaa113d7683b85fc0768f816dafb |
sha256 | 666b7cd211ead3bc4fc8ff1e480a73ab9cb8ecf678e31991f5d6269b00282087 |
ssdeep | 24576:m7dDx31WqXL1E7GNMUm62JBWpSyk3Fg/x/KE0lml1aZ66z24VZbHZzv:mBVAEL1bF2JBmStFO/KE5CZ66z24VZbR |
imphash | 32c5de998b5f069b26c94c8143b13c06 |
impfuzzy | 3:rGsLdAIE7UA6yVcJUNQZn23S/KnA1MJuE9rJSxqSX1Atd9C36YbW7uRAn:teL2WWZn2yILi1Iq36YbGeA |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | Is_DotNET_EXE | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
mscoree.dll
0x4da197 _CorExeMain
MSVCRT.dll
0x4da1a3 strncpy
IPHLPAPI.DLL
0x4da1af GetInterfaceInfo
PSAPI.DLL
0x4da1bb GetMappedFileNameW
KERNEL32.dll
0x4da1c7 GetModuleFileNameW
USER32.dll
0x4da1d3 GetWindow
ADVAPI32.dll
0x4da1df RegDeleteKeyA
SHELL32.dll
0x4da1eb SHGetFolderPathW
EAT(Export Address Table) is none