Report - bilkad.exe

PE64 PE File
ScreenShot
Created 2023.07.23 09:43 Machine s1_win7_x6403
Filename bilkad.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
6
Behavior Score
2.2
ZERO API file : malware
VT API (file) 42 detected (BroPass, malicious, moderate confidence, Tedy, Artemis, Save, WinGo, confidence, 100%, Eldorado, Attribute, HighConfidence, a variant of WinGo, score, Redcap, etuzp, moderate, Static AI, Suspicious PE, ai score=87, Sabsik, Detected, unsafe, Chgt, R014H0CGM23, CLOUD, susgen, PossibleThreat, PALLAS)
md5 c4fe973e479a2af02dce5b9888e97917
sha256 5c6e675359884a3f82edd6c3085ecc8a28b465b88e313e05915cb194aa17a0b1
ssdeep 98304:4ICeQ7CGJQrDBC+00+IcXd4ZwynoDQkLoCR453:s37CTrV50NIS4Zj+Qkx4l
imphash 9aebf3da4677af9275c461261e5abde3
impfuzzy 3:swBJAEPw1MO/OywS9KTXzhAXwEQaxRGUq:dBJAEoZ/OEGDzyRs
  Network IP location

Signature (4cnts)

Level Description
danger File has been identified by 42 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
info One or more processes crashed

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.DLL
 0x125d03c LoadLibraryA
 0x125d044 ExitProcess
 0x125d04c GetProcAddress
 0x125d054 VirtualProtect
msvcrt.dll
 0x125d064 exit

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure