Report - WatchDog.exe

.NET EXE PE File PE32
Created 2023.06.21 12:25 Machine s1_win7_x6403
Filename WatchDog.exe
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
AI Score 5
Behavior Score 3.6
ZERO API file : malware
VT API (file) 47 detected (AIDetectMalware, Tedy, MSILHeracles, YakbeexMSIL, unsafe, Save, malicious, confidence, 100%, ZemsilCO, dm0@aigZqsn, ABRisk, ZXPQ, Attribute, HighConfidence, high confidence, score, DropperX, R06CC0DF723, Tiggre, Anagra, Detected, HeapOverride, ai score=88, FakeMS, MSIL@AI, MSIL2, 5sDdg, jBidzZCJSOmMubwQ, susgen, PossibleThreat)
md5 4aa5e32bfe02ac555756dc9a3c9ce583
sha256 8a9235655b1a499d7dd9639c7494c3664e026b72b023d64ea8166808784a8967
ssdeep 768:+vfLyCdU0puufOIK1Nekmd52a3bCnP2PmxeETwM:+3LE0pu59ikmdYebCnO+xeEsM
imphash f34d5f2d4577ed6d9ceec516c1f5a744
impfuzzy 3:rGsLdAIEK:tf

Signature (9cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Queries for the computername
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
info Is_DotNET_EXE (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

PE API

IAT(Import Address Table) Library

mscoree.dll
 0x402000 _CorExeMain

EAT(Export Address Table) is none