ScreenShot
| Created | 2023.04.13 09:20 | Machine | s1_win7_x6401 |
| Filename | cdump.exe | ||
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (BroPass, malicious, moderate confidence, GenericKD, Artemis, unsafe, TrojanPSW, confidence, 100%, Attribute, HighConfidence, score, PSWTool, hqtthz, Mqil, Generic Reputation PUA, vbiae, R002C0GE922, Skeeyah, Detected, ai score=80, CLOUD, wFU2GEJDE7U, susgen) | ||
| md5 | 6799f43f598169aebc476455c624f014 | ||
| sha256 | 4d6e78684cf71bf7a2ee846e717f65ac85f7c8dc1a07ea5857e5f4965700729a | ||
| ssdeep | 24576:xodPTSmyVjXXVEyOLoRjMzbOWQVw+yG3LLsNXEJLvQdc99zRg:x0TSmyVjHHO0RjtVL72wvQdi9l | ||
| imphash | c19c5a27cf193c3f49f1a5b91054e502 | ||
| impfuzzy | 3:swBJAEPw1MO/OywS9KTXzhAXwEQaxRGUpH:dBJAEoZ/OEGDzyRH | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Detects the presence of Wine emulator |
| notice | Steals private information from local Internet browsers |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Command line console output was observed |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x76003c LoadLibraryA
0x760040 ExitProcess
0x760044 GetProcAddress
0x760048 VirtualProtect
msvcrt.dll
0x760050 _iob
EAT(Export Address Table) is none
KERNEL32.DLL
0x76003c LoadLibraryA
0x760040 ExitProcess
0x760044 GetProcAddress
0x760048 VirtualProtect
msvcrt.dll
0x760050 _iob
EAT(Export Address Table) is none