Report - cdump.exe

UPX PE32 PE File
ScreenShot
Created 2023.04.13 15:48 Machine s1_win7_x6401
Filename cdump.exe
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
AI Score
2
Behavior Score
3.2
ZERO API file : malware
VT API (file) 48 detected (BroPass, malicious, moderate confidence, GenericKD, Artemis, unsafe, TrojanPSW, confidence, 100%, Attribute, HighConfidence, score, PSWTool, hqtthz, Mqil, Generic Reputation PUA, vbiae, R002C0GE922, Skeeyah, Detected, ai score=80, CLOUD, wFU2GEJDE7U, susgen)
md5 6799f43f598169aebc476455c624f014
sha256 4d6e78684cf71bf7a2ee846e717f65ac85f7c8dc1a07ea5857e5f4965700729a
ssdeep 24576:xodPTSmyVjXXVEyOLoRjMzbOWQVw+yG3LLsNXEJLvQdc99zRg:x0TSmyVjHHO0RjtVL72wvQdi9l
imphash c19c5a27cf193c3f49f1a5b91054e502
impfuzzy 3:swBJAEPw1MO/OywS9KTXzhAXwEQaxRGUpH:dBJAEoZ/OEGDzyRH
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
watch Detects the presence of Wine emulator
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
info Command line console output was observed

Rules (3cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
 0x76003c LoadLibraryA
 0x760040 ExitProcess
 0x760044 GetProcAddress
 0x760048 VirtualProtect
msvcrt.dll
 0x760050 _iob

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure