Created:        2023.06.16 13:56
Machine:        s1_win7_x6402
Filename:       update.vbs
Type:           ASCII text, with very long lines, with no line terminators
AI Score:       Not found
Behavior Score: 1.4
ZERO API (file): clean
VT API (file):   3 detected (gen175)
md5:     92de717394d746b8aa97764201a1eff6
sha256:  1ec868aae3af8b4b9899dedcac504b864e920baa6c075dac5ef102e47cb952f1
ssdeep:  12:eJFsF9NuZrATa8YnmwCq0jQNQ0TwK8lx5O4wcQy8I6aYdRjSAkMGyp01oQG5z:OeFGZrAcCqNNQ0TwbnOxvy8If8I5aezs
imphash:  (empty)
impfuzzy: (empty)
Network IP location

Signature (4 cnts)

Level   Description
notice  Allocates read-write-execute memory (usually to unpack itself)
notice  File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice  Performs some HTTP requests
info    Queries for the computername

Rules (0 cnts)

Level   Name   Description   Collection

Network (11 cnts)

Request                                                        CC  ASN Co         IP4              Rule   ZERO
http://img.fmcity.com/images/reseller/common/img_info.gif      KR  Korea Telecom  112.175.246.145         clean
http://html.gethompy.com/favicon.ico                           KR  Korea Telecom  112.175.246.91          clean
http://well-story.co.kr/adm/inc/js/list.php?query=1            KR  Korea Telecom  183.111.141.93   34418  mailcious
http://img.fmcity.com/images/reseller/common/tle_info.gif      KR  Korea Telecom  112.175.246.145         clean
http://html.gethompy.com/404.html?id=ZGFoYW53                  KR  Korea Telecom  112.175.246.91          clean
well-story.co.kr                                               KR  Korea Telecom  183.111.141.93          mailcious
html.gethompy.com                                              KR  Korea Telecom  112.175.246.91          clean
img.fmcity.com                                                 KR  Korea Telecom  112.175.246.145         clean
112.175.246.91                                                 KR  Korea Telecom  112.175.246.91          clean
183.111.141.93                                                 KR  Korea Telecom  183.111.141.93          mailcious
112.175.246.145                                                KR  Korea Telecom  112.175.246.145         clean

Suricata IDS

Similarity measure (PE file only)