popup

Report - IntelRealTech.exe

PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.07.07 18:34 Machine s1_win7_x6401
Filename IntelRealTech.exe
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
AI Score
1
 Behavior Score
2.4
ZERO API
VT API (file) 30 detected (malicious, high confidence, MSILHeracles, Artemis, MZCrypt, V2j8, confidence, 100%, Kryptik, AIZZ, score, Bsymem, MalwareX, Wacatac, MSILZilla, ai score=80, unsafe, Chgt, R011H0DG723)
md5 8c9eb4d9d60900fbb2a07e7990f2fad0
sha256 11ec89ea5da82e62e0a851d6bc49f38b39cd7ab6db3b254029fe9f923fce0d7b
ssdeep 24576:aZJQRKPWD8MhtU2kYI7DqinxhAh3dimU0Q5Bxv:aZCRrDTh+hYkRxWRdinRPF
imphash
impfuzzy 3::
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
i.ibb.co
whois
US RELIABLESITE 172.96.161.50
172.96.161.50
whois
US RELIABLESITE 172.96.161.50

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure