Report - 526.zip

Generic Malware HWP PS PostScript ZIP Format MSOffice File
Created 2023.05.16 15:53 Machine s1_win7_x6402
Filename 526.zip
Type Zip archive data, at least v1.0 to extract
AI Score Not found
Behavior Score 0.8
ZERO API file : clean
VT API (file) 26 detected (Boxter, Powecod, ABRisk, CTKX, Malicious, score, WinLNK, Kmnw, VPVF, Artemis, LnkDrop, Static AI, Suspicious OLE, Woreflint, Detected, Link, Crafted, ai score=99)
md5 487769a19f032e981f33023b2cb7fe10
sha256 df89db0ec339a5e5109ecced0199c371a859aa0c721275e7556a2f34b33d7b01
ssdeep 3072:UypPHTlizlhyLm5QXRHPvruwBa8veKS0908qpiI12WU7KHHEu7EmIbB2itL8HP7h:Uy9ggCKXRHHqwB7w09IpfbnJfkFIPE9a
imphash
impfuzzy

Signature (1cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Win32_HWP_PostScript_Zero Detect a HWP with embedded Post Script code binaries (upload)
info HWP_file_format HWP Document File binaries (upload)
info Microsoft_Office_File_Zero Microsoft Office File binaries (upload)
info zip_file_format ZIP file format binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

Similarity measure (PE file only) - Checking for service failure