Report - CT360.exe

PE File PE32
Created 2023.05.26 17:53 Machine s1_win7_x6401
Filename CT360.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score
8
Behavior Score
3.4
ZERO API file : malware
VT API (file) 38 detected (AIDetectMalware, malicious, moderate confidence, score, Symmi, unsafe, Save, Attribute, HighConfidence, Kryptik, HTOY, CrypterX, CLOUD, high, Outbreak, P3253E, hchwh, Agentb, Sabsik, Artemis, ai score=88, umEfyHV44Rk, susgen, ZexaF, kmKfa0@xDlpj, confidence)
md5 89f34702802ca7e99421d765d8404b8e
sha256 010059d0cbf9138e969e7d2da0e8aaf6755e83f0fdee3f7f8bb7fd95267ae831
ssdeep 3072:0Q/srZri6d92DVf2/gqQ3mFfP23gg/r1Uw8a59CpE7Fw8BHdMGEx9zK:00srJHcVu/pHFfPigWOwd9Cpr88GE
imphash d876512d32d4e10a69f2baae7904c814
impfuzzy 3:swBJAEPw1MO/OywS9KTXzhAXwEQaxREJbfusrjqMEleA+n:dBJAEoZ/OEGDzyRvI3EQn

Signature (8cnts)

Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task.
notice Executes one or more WMI queries
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
info Queries for the computername
info The executable uses a known packer

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.DLL
 0x49d8d0 LoadLibraryA
 0x49d8d4 ExitProcess
 0x49d8d8 GetProcAddress
 0x49d8dc VirtualProtect
ole32.dll
 0x49d8e4 CoTaskMemAlloc
OLEAUT32.dll
 0x49d8ec VariantClear

EAT (Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure