Field | Value |
---|---|
Created | 2023.08.07 18:39 |
Machine | s1_win7_x6403 |
Filename | Rhay_92.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 22 detected (AIDetectMalware, malicious, high confidence, Artemis, Save, confidence, 100%, ZexaE, My0@aukbgPxk, Attribute, HighConfidence, GenKryptik, GMOJ, score, CrypterX, Static AI, Suspicious PE, Rhadamanthys, Kryptik, CLOUD, Outbreak) |
md5 | 664bffe24693a7575ffcdaf2e33d6188 |
sha256 | 7de67b4ae3475e1243c80ba446a8502ce25fec327288d81a28be69706b4d9d81 |
ssdeep | 12288:2sjkDPRpsdgMGzN4wcZsHJHOa+YVFMKePHNPhaTGoXx4unuLT0Y9XEWSGqXUTjHL:2sjkDPRpcgMGzN43OHOKVF4vzErh4tfh |
imphash | 497393145c34e7a583c61d69d8db0bdb |
impfuzzy | 6:5rOM7y+j77ElCA15ujGMK971BOGDkBIJv/A+mvEETOHMREcJ8iPEcJ/TQF:wIy+j7A/lvbDrvscwXJXPXJcF |
Signatures (5)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
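The packer signatures and rules above (high-entropy data, unknown section names, the UPX rule) are static heuristics, and a practitioner usually wants to reproduce them locally before trusting a sandbox verdict. The following is an added example, not code from the sandbox, from the rule collection, or from the sample: it parses the PE section table with the standard library only, computes per-section Shannon entropy, flags UPX and non-standard section names, empty sections that reserve a large virtual range (the UPX0 unpack target), and sections mapped writable and executable, and returns the same md5/sha256 the metadata table reports. Because Rhay_92.exe itself is not on the page, the input is a minimal PE32 image constructed in `build_sample_pe()`; the function names, the known-section list and the 7.2 bits/byte entropy threshold are assumptions of this example.

```python
import hashlib
import math
import struct

# Section names a stock MSVC/GCC/MinGW link emits; anything else counts as
# "unknown" in the sense of the sandbox's packer signature. (Assumed list.)
KNOWN_SECTIONS = {b".text", b".rdata", b".data", b".idata", b".edata",
                  b".pdata", b".rsrc", b".reloc", b".bss", b".tls", b".CRT"}
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
ENTROPY_PACKED = 7.2          # bits/byte (assumed threshold); packed data sits near 8.0
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """DOS header -> PE signature -> COFF header -> section table; yields
    (name, virtual_size, virtual_address, raw_size, raw_ptr, flags)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section table follows the optional header
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = \
            struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        yield name.rstrip(b"\0"), vsize, vaddr, rsize, rptr, flags


def packer_triage(pe: bytes) -> dict:
    """Hashes plus per-section packer indicators; treat 'likely_packed' as a hint."""
    findings, sections = [], []
    for name, vsize, _vaddr, rsize, rptr, flags in parse_sections(pe):
        label = name.decode("latin-1")
        ent = shannon_entropy(pe[rptr:rptr + rsize])
        sections.append((label, rsize, round(ent, 2)))
        if name in UPX_SECTIONS:
            findings.append(f"UPX section name {label}")
        elif name not in KNOWN_SECTIONS:
            findings.append(f"unknown section name {label}")
        if rsize == 0 and vsize >= 0x1000:
            findings.append(f"{label} has no raw data but reserves {vsize:#x} bytes (unpack target)")
        if rsize >= 512 and ent >= ENTROPY_PACKED:
            findings.append(f"high entropy {ent:.2f} in {label} (compressed or encrypted data)")
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{label} is mapped writable and executable")
    return {"md5": hashlib.md5(pe).hexdigest(),
            "sha256": hashlib.sha256(pe).hexdigest(),
            "sections": sections, "findings": findings,
            "likely_packed": bool(findings)}


def _deterministic_noise(n: int, seed: bytes = b"constructed") -> bytes:
    """Stand-in for compressed data: a SHA-256 chain is near 8 bits/byte yet reproducible."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(packed: bool) -> bytes:
    """Constructed minimal PE32 image (not Rhay_92.exe): DOS stub, PE signature, COFF
    header, zeroed optional header, two sections. packed=True mimics the UPX layout."""
    if packed:   # empty RWX UPX0 reserved for the unpacked image, high-entropy RWX UPX1
        sections = [(b"UPX0", 0x8000, 0x1000, 0x0, 0x0, 0xE0000080),
                    (b"UPX1", 0x1000, 0x9000, 0x1000, 0x200, 0xE0000040)]
        payloads = [b"", _deterministic_noise(0x1000)]
    else:        # ordinary .text (RX, code) and .data (RW) with low-entropy contents
        sections = [(b".text", 0x400, 0x1000, 0x400, 0x200, 0x60000020),
                    (b".data", 0x200, 0x2000, 0x200, 0x600, 0xC0000040)]
        payloads = [b"\x90" * 0x3F0 + b"\xC3" * 0x10, b"A" * 0x100 + b"\0" * 0x100]
    img = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))   # e_lfanew = 0x40
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)  # i386
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic; remaining fields left zero
    img += opt
    for name, vsize, vaddr, rsize, rptr, flags in sections:
        img += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)
    for (_, _, _, rsize, rptr, _), payload in zip(sections, payloads):
        if rsize:                             # place raw data at its file offset
            img += b"\0" * (rptr - len(img)) + payload
    return bytes(img)


if __name__ == "__main__":
    for packed in (False, True):
        report = packer_triage(build_sample_pe(packed))
        print("packed" if packed else "clean", report["sha256"][:16], report["sections"])
        print("\n".join("  - " + f for f in report["findings"]))
```

Run against a real file with `packer_triage(open(path, "rb").read())`. The writable-and-executable section check is only the static analogue of the "Allocates read-write-execute memory" notice above, which the sandbox observes at runtime through the `VirtualAlloc` import listed further down; and, as the report's own info-level signature says, unusual section names alone can be a false positive, so weigh the findings together rather than individually.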
Network (0)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
No network requests were recorded for this run.
Suricata IDS
PE API
IAT (Import Address Table) libraries
KERNEL32.dll
0x411000 GetCurrentProcess
0x411004 VirtualAlloc
0x411008 lstrlenA
0x41100c WaitForSingleObject
0x411010 GetModuleHandleA
0x411014 CreateFileA
0x411018 CloseHandle
0x41101c FreeConsole
0x411020 K32GetModuleInformation
0x411024 CreateThread
0x411028 HeapAlloc
0x41102c GetProcAddress
0x411030 CreateFileMappingA
0x411034 FreeLibrary
0x411038 MapViewOfFile
0x41103c TerminateProcess
0x411040 UnhandledExceptionFilter
0x411044 SetUnhandledExceptionFilter
0x411048 IsProcessorFeaturePresent
EAT (Export Address Table): none