Report - version32.exe

Tags: Anti_VM, PE64, PE File
Created: 2023.05.17 07:12
Machine: s1_win7_x6401
Filename: version32.exe
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score: Not found
Behavior Score: 2.0
ZERO API file: clean
VT API (file): 43 detected (malicious, high confidence, score, Barys, unsafe, Kryptik, Vnn8, Reflo, confidence, 100%, Eldorado, GenKryptik, GIIA, CrypterX, FalseSign, Bdhl, Nekark, llpdl, R03BC0DEG23, Artemis, Krypt, Sabsik, Xmrig, ai score=83, Chgt, tSjl4DNY5BP, Behavior)
md5: 9889b03f358c1e2a2635ae17eb4bf489
sha256: 0c879e57aab759d1e31ba1ac2a03ffe1be3f44bd028a2dd4c597acec333b83d6
ssdeep: 196608:bXGfFAvXKWv4hmvFGbMccfycpAkDOl1uJLCOHnJVx77DPf0:bXGtAvXKWQhYFEcfycGkDY1uomnXB0
imphash: d3be2dc19ba54f7225d7679c3f791cf7
impfuzzy: 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/GbtcqcJvZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcJLF

Signature (3 cnts)

Level   Description
danger  File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice  Allocates read-write-execute memory (usually to unpack itself)
notice  The binary likely contains encrypted or compressed data indicative of a packer

Rules (3 cnts)

Level   Name            Description                                      Collection
notice  anti_vm_detect  Possibly employs anti-virtualization techniques  binaries (upload)
info    IsPE64          (no description)                                 binaries (upload)
info    PE_Header_Zero  PE File Signature                                binaries (upload)

Note on the two notice-level signatures: the static import table further down contains VirtualProtect and VirtualQuery but no VirtualAlloc, so the read-write-execute memory was most likely obtained by re-protecting existing pages with VirtualProtect, which is how a packer stub typically prepares to decompress its payload in place. The anti_vm_detect rule is a static pattern match; the report gives no specific check, so treat it as "possible" rather than observed behaviour.

Network (2 cnts)

Request             CC  ASN company  IP4             Rule
pool.hashvault.pro  SG  PhoenixNAP   131.153.76.130  malicious
131.153.76.130      SG  PhoenixNAP   131.153.76.130  malicious

pool.hashvault.pro is a public Monero mining pool; the connection to it is consistent with the Xmrig label among the VirusTotal detections above.

Suricata IDS alerts: none listed

PE API

IAT (Import Address Table), by library (address, function):

KERNEL32.dll
 0x1409f429c CloseHandle
 0x1409f42a4 CreateSemaphoreW
 0x1409f42ac DeleteCriticalSection
 0x1409f42b4 EnterCriticalSection
 0x1409f42bc GetCurrentThreadId
 0x1409f42c4 GetLastError
 0x1409f42cc GetStartupInfoA
 0x1409f42d4 InitializeCriticalSection
 0x1409f42dc IsDBCSLeadByteEx
 0x1409f42e4 LeaveCriticalSection
 0x1409f42ec MultiByteToWideChar
 0x1409f42f4 RaiseException
 0x1409f42fc ReleaseSemaphore
 0x1409f4304 RtlCaptureContext
 0x1409f430c RtlLookupFunctionEntry
 0x1409f4314 RtlUnwindEx
 0x1409f431c RtlVirtualUnwind
 0x1409f4324 SetLastError
 0x1409f432c SetUnhandledExceptionFilter
 0x1409f4334 Sleep
 0x1409f433c TlsAlloc
 0x1409f4344 TlsFree
 0x1409f434c TlsGetValue
 0x1409f4354 TlsSetValue
 0x1409f435c VirtualProtect
 0x1409f4364 VirtualQuery
 0x1409f436c WaitForSingleObject
 0x1409f4374 WideCharToMultiByte
msvcrt.dll
 0x1409f4384 __C_specific_handler
 0x1409f438c ___lc_codepage_func
 0x1409f4394 ___mb_cur_max_func
 0x1409f439c __getmainargs
 0x1409f43a4 __initenv
 0x1409f43ac __iob_func
 0x1409f43b4 __set_app_type
 0x1409f43bc __setusermatherr
 0x1409f43c4 _acmdln
 0x1409f43cc _amsg_exit
 0x1409f43d4 _cexit
 0x1409f43dc _commode
 0x1409f43e4 _errno
 0x1409f43ec _fmode
 0x1409f43f4 _initterm
 0x1409f43fc _onexit
 0x1409f4404 _wcsicmp
 0x1409f440c _wcsnicmp
 0x1409f4414 abort
 0x1409f441c calloc
 0x1409f4424 exit
 0x1409f442c fprintf
 0x1409f4434 fputc
 0x1409f443c fputs
 0x1409f4444 fputwc
 0x1409f444c free
 0x1409f4454 fwprintf
 0x1409f445c fwrite
 0x1409f4464 localeconv
 0x1409f446c malloc
 0x1409f4474 memcpy
 0x1409f447c memset
 0x1409f4484 realloc
 0x1409f448c signal
 0x1409f4494 strcat
 0x1409f449c strcmp
 0x1409f44a4 strerror
 0x1409f44ac strlen
 0x1409f44b4 strncmp
 0x1409f44bc strstr
 0x1409f44c4 vfprintf
 0x1409f44cc wcscat
 0x1409f44d4 wcscpy
 0x1409f44dc wcslen
 0x1409f44e4 wcsncmp
 0x1409f44ec wcsstr

The msvcrt.dll entries (__getmainargs, __set_app_type, _initterm, _onexit, __C_specific_handler) are the start-up imports of a MinGW-w64/GCC-built executable rather than an MSVC one. No networking library (ws2_32, wininet, winhttp) and no LoadLibrary/GetProcAddress appear in the static table even though the sandbox observed a connection to pool.hashvault.pro, so the payload that actually runs resolves its own imports after unpacking and this table describes only the outer stub.

EAT (Export Address Table): none
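As an added example, not part of the sandbox report or of any tool's own code, the following Python recomputes the imphash from the IAT table transcribed above using pefile's algorithm (lower-cased DLL name with a .dll/.ocx/.sys suffix removed, a dot, the lower-cased function name, all entries joined by commas in import-directory order, then MD5) and compares it with the report's d3be2dc19ba54f7225d7679c3f791cf7. The transcribed list and its order are assumptions taken from the page, and the `ordN` fallback for imports by ordinal is a simplification of pefile, which additionally resolves ordinals to names for ws2_32, wsock32 and oleaut32. A mismatch only tells you that the listing is not an exact copy of the import directory, not that the report's value is wrong.

```python
import hashlib
from typing import Iterable, Tuple, Union

# Transcribed from the IAT table in the report above (constructed input; assumed
# to be in the same order as the binary's import directory).
REPORT_IMPORTS = {
    "KERNEL32.dll": (
        "CloseHandle CreateSemaphoreW DeleteCriticalSection EnterCriticalSection "
        "GetCurrentThreadId GetLastError GetStartupInfoA InitializeCriticalSection "
        "IsDBCSLeadByteEx LeaveCriticalSection MultiByteToWideChar RaiseException "
        "ReleaseSemaphore RtlCaptureContext RtlLookupFunctionEntry RtlUnwindEx "
        "RtlVirtualUnwind SetLastError SetUnhandledExceptionFilter Sleep TlsAlloc "
        "TlsFree TlsGetValue TlsSetValue VirtualProtect VirtualQuery "
        "WaitForSingleObject WideCharToMultiByte"
    ),
    "msvcrt.dll": (
        "__C_specific_handler ___lc_codepage_func ___mb_cur_max_func __getmainargs "
        "__initenv __iob_func __set_app_type __setusermatherr _acmdln _amsg_exit "
        "_cexit _commode _errno _fmode _initterm _onexit _wcsicmp _wcsnicmp abort "
        "calloc exit fprintf fputc fputs fputwc free fwprintf fwrite localeconv "
        "malloc memcpy memset realloc signal strcat strcmp strerror strlen strncmp "
        "strstr vfprintf wcscat wcscpy wcslen wcsncmp wcsstr"
    ),
}
REPORT_IMPHASH = "d3be2dc19ba54f7225d7679c3f791cf7"  # value printed in the report

Import = Tuple[str, Union[str, int]]  # (dll name, function name or ordinal)


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """pefile-style normalisation of one import: lower-case the DLL name, drop a
    .dll/.ocx/.sys suffix, and render an import by ordinal as 'ordN'.
    (Assumption: plain 'ordN' for every DLL; pefile also resolves ordinals to
    names for ws2_32/wsock32/oleaut32, which this example does not.)"""
    lib = dll.lower()
    if lib[-4:] in (".dll", ".ocx", ".sys"):
        lib = lib[:-4]
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the comma-joined 'dll.func' strings in import-directory order."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def report_imports() -> list:
    """Flatten REPORT_IMPORTS into (dll, func) pairs, preserving order."""
    return [(dll, name) for dll, names in REPORT_IMPORTS.items()
            for name in names.split()]


def check_report() -> Tuple[str, str, bool]:
    """Recompute the imphash from the transcribed table and compare it with the
    report's value; a mismatch means the listing is incomplete or reordered."""
    computed = imphash(report_imports())
    return computed, REPORT_IMPHASH, computed == REPORT_IMPHASH


if __name__ == "__main__":
    computed, expected, ok = check_report()
    print(f"computed {computed}\nreport   {expected}\nmatch    {ok}")
```

Two imphash-based pivots are worth keeping in mind when you use this: the hash is order-sensitive, so two builds of the same source that link libraries in a different order get different values, and a packed sample's imphash describes the stub, not the payload, which is exactly why the value above says nothing about what version32.exe does after it unpacks.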