Report - sp.exe

Themida Packer Generic Malware Malicious Library PE64 PE File

ScreenShot

Info
Location map


Created	2023.06.02 17:35	Machine	s1_win7_x6403
Filename	sp.exe
Type	PE32+ executable (GUI) x86-64, for MS Windows
AI Score	5	Behavior Score	2.8
ZERO API	file : clean
VT API (file)	38 detected (Agentb, trtl, Inject4, Vg44, Zenpak, malicious, confidence, Attribute, HighConfidence, high confidence, Themida, L suspicious, score, Usmw, AGEN, Woreflint, A5ACWX, Artemis, ai score=74, unsafe, Probably Heur, ExeHeaderL, R002H07EV23, CLOUD, susgen, PossibleThreat)
md5	45d50af2dab49aa0de4894a1bbff7d62
sha256	e84531a3eef229dafb604be21d54c4abfd71efdf132ec141a2ca770d436673d4
ssdeep	98304:5l1JDX/FWuaPGwguuBnDgMyb3egMT/ia0ctMl6bSfsoCRES9Hp:jHT/5aPDgfpYuFjRG0wo
imphash	183858b2601045270099db6da9a75891
impfuzzy	3:sUx2AEJtyBV3n:nEJtyBV3n

Network IP location

Signature (6cnts)

Level	Description
danger	File has been identified by 38 AntiVirus engines on VirusTotal as malicious
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
warning	themida_packer	themida packer	binaries (upload)
watch	Malicious_Library_Zero	Malicious_Library	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x14027b078 GetModuleHandleA
USER32.dll
0x14027b088 EndPaint

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure