ScreenShot
| Created | 2023.05.26 09:32 | Machine | s1_win7_x6403 |
| Filename | 72345877550736152487.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 34a210904bca96c8fa9e37255211463a | ||
| sha256 | 54744988f152233722b2e866c66c6f3ee3c215cdedce36ec17270e63353df738 | ||
| ssdeep | 98304:OKeb41herumoa987/Po7YgFVP9ZbIGbAeJ8rF5GvuJLfhPEc:Okgu/Kp7YgLlZ5tqHGvulhPH | ||
| imphash | |||
| impfuzzy | 3:: | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
