ScreenShot
| Created | 2023.08.07 08:43 | Machine | s1_win7_x6401 |
| Filename | 6dWHunZZcpnEo.exe | ||
| Type | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (malicious, high confidence, score, GenericKD, Save, confidence, 100%, TrojanPSW, Agensla, Eldorado, Attribute, HighConfidence, AgentTesla, PWSX, QQPass, QQRob, Ximw, Nekark, dozol, moderate, Casdet, Detected, Artemis, ai score=83, unsafe, Chgt, MSIL@AI, MSIL2, 00VRE09eVQ1CCx2vLDUH6w, Static AI, Suspicious PE, GenKryptik) | ||
| md5 | 11de7138a9df2d5bbfeb112f8d20f2df | ||
| sha256 | d7a5b7f6121d2329ea2514ef24ab2c5d48ebc2ae5bbade7affa1960ff5f35c1f | ||
| ssdeep | 12288:pky9nGDCcbL4prw+6AVTfHRZ9v12t2zLYIl+9UDqiXf4FmF3pf4rrC7D3hbAPwpg:pkgnGDNL4RB79ct28UDHMm1hArEbhbAB | ||
| imphash | |||
| impfuzzy | 3:: | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) is none
EAT(Export Address Table) is none
EAT(Export Address Table) is none