ScreenShot
| Created | 2023.06.16 17:02 | Machine | s1_win7_x6401 |
| Filename | KLIPE.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetectMalware, Tasker, GenericKD, Artemis, Kryptik, Vepr, GenKryptik, malicious, confidence, 100%, ZexaF, @pvaauVb5Xf, ABRisk, IMFB, Attribute, HighConfidence, high confidence, GKGU, score, azjz, jwmnde, Addrop, vt5tArsod5K, AGEN, MulDrop22, R002C0XF723, moderate, Wacatac, Detected, ai score=100, unsafe, Chgt, Gencirc, ZBnuSVhJO, susgen) | ||
| md5 | af6e384dfabdad52d43cf8429ad8779c | ||
| sha256 | f327c2b5ab1d98f0382a35cd78f694d487c74a7290f1ff7be53f42e23021e599 | ||
| ssdeep | 98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB | ||
| imphash | 28410aacd961a705a3e199dc5b1733bd | ||
| impfuzzy | 3:sUx2AEZsS9KTXz5NAHWbW7uRAn:nERGDTLbGeA | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | MPRESS_Zero | MPRESS packed file | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0xb78050 GetModuleHandleA
0xb78054 GetProcAddress
SHELL32.dll
0xb7805c SHGetFolderPathW
EAT(Export Address Table) is none
KERNEL32.DLL
0xb78050 GetModuleHandleA
0xb78054 GetProcAddress
SHELL32.dll
0xb7805c SHGetFolderPathW
EAT(Export Address Table) is none