Report - 48.exe

Themida Packer Anti_VM Malicious Library MPRESS UPX PE32 PE File

ScreenShot

Info
Location map


Created	2023.01.22 13:58	Machine	s1_win7_x6403
Filename	48.exe
Type	MS-DOS executable, MZ for MS-DOS
AI Score	8	Behavior Score	1.6
ZERO API	file : malware
VT API (file)	35 detected (AIDetectNet, lqvp, malicious, high confidence, Babar, Artemis, Unsafe, confidence, 100%, Attribute, HighConfidence, Themida, score, Generic ML PUA, high, Static AI, Suspicious PE, ai score=81, Wacatac, Sabsik, ZexaF, vn0@aOwqZ0hi, BScope, TrojanPSW, Coins, GenAsa, LQmWrHldTi8, susgen)
md5	49c19748e633bbb852b7a759eaf78be3
sha256	4167e30b0c2b021e6df012e74b25601ae28aec44ce70bac4b0c0882a6308c38d
ssdeep	24576:7ARPonaSEVZEx9RvtuNGoowVup9NoYdS9UD1K0bzcGJgmw4iBtweh61PEA8QHnUo:7AReEVZqLzofuMYKtGnw4ihPEHhU4X
imphash	7617119cde5afea121182e7cd8e56744
impfuzzy	3:sUx2AEZsS9KTXzlJLMLZExJKJAEjp83A:nERGDT4LMKJAmWw

Network IP location

Signature (3cnts)

Level	Description
danger	File has been identified by 35 AntiVirus engines on VirusTotal as malicious
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (7cnts)

Level	Name	Description	Collection
warning	themida_packer	themida packer	binaries (upload)
watch	Malicious_Library_Zero	Malicious_Library	binaries (upload)
watch	MPRESS_Zero	MPRESS packed file	binaries (upload)
watch	UPX_Zero	UPX packed file	binaries (upload)
notice	anti_vm_detect	Possibly employs anti-virtualization techniques	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
0x8c9050 GetModuleHandleA
0x8c9054 GetProcAddress
ole32.dll
0x8c905c OleInitialize
OLEAUT32.dll
0x8c9064 SafeArrayCreate

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure