Report - LB3.exe

Tags: Generic Malware, Admin Tool (Sysinternals etc.), UPX, PE File, PE32
Created 2023.09.23 09:34 Machine s1_win7_x6403
Filename LB3.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 1.8
ZERO API (file): clean
VT API (file): 51 detected (Common, Joti, malicious, high confidence, 8m1@eue3jOti, Sabsik, New Malware, Save, confidence, 100%, Attribute, HighConfidence, ETHH, score, kaxwmw, InjectorX, FalseSign, Ymhl, XPACK, Gen3, LOCKBIT, YXDIUT, high, Static AI, Malicious PE, Detected, Obfuscated, R606184, Hider, ai score=88, unsafe, Chgt, CLASSIC, susgen)
md5 0c2246bc569ddf7c9e93ccbf87aeb397
sha256 1d30c8ea61630a44351f29b209813275b5077a637a571d888e97398f8c24787d
ssdeep 12288:+sT4cgRdrEAzvHG4z/bEUZEPurHbNFKSEv0xt9:+sGRdrEAbm4z/bEUaPuD3Rw0xt9
imphash 052fa9cea4e2760f440d56512f0eb39f
impfuzzy 48:P9z/1xQwzwQwgowegkRxAk3L39Brj1SxgLxoT+yNFNmWcFZj9hHw+8xmHkSIW1wt:P9z/1xQGwQfoZgkRx/7NBrjwxgLxQ+yz
Signature (3cnts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

No network requests recorded.

Suricata IDS

PE API

IAT (Import Address Table) by library

KERNEL32.DLL
 0x67a10200 GetProcAddress
 0x67a10204 GetModuleHandleW
MSVBVM60.DLL
 0x67a1020c __vbaVarTstGt
 0x67a10210 None
 0x67a10214 __vbaStrI2
 0x67a10218 _CIcos
 0x67a1021c _adj_fptan
 0x67a10220 __vbaVarMove
 0x67a10224 __vbaVarVargNofree
 0x67a10228 __vbaAryMove
 0x67a1022c __vbaFreeVar
 0x67a10230 __vbaLineInputStr
 0x67a10234 __vbaStrVarMove
 0x67a10238 __vbaFreeVarList
 0x67a1023c _adj_fdiv_m64
 0x67a10240 None
 0x67a10244 __vbaFreeObjList
 0x67a10248 _adj_fprem1
 0x67a1024c __vbaStrCat
 0x67a10250 __vbaSetSystemError
 0x67a10254 __vbaHresultCheckObj
 0x67a10258 _adj_fdiv_m32
 0x67a1025c __vbaAryDestruct
 0x67a10260 None
 0x67a10264 None
 0x67a10268 None
 0x67a1026c __vbaObjSet
 0x67a10270 _adj_fdiv_m16i
 0x67a10274 __vbaObjSetAddref
 0x67a10278 _adj_fdivr_m16i
 0x67a1027c __vbaRefVarAry
 0x67a10280 _CIsin
 0x67a10284 None
 0x67a10288 __vbaChkstk
 0x67a1028c __vbaFileClose
 0x67a10290 EVENT_SINK_AddRef
 0x67a10294 __vbaStrCmp
 0x67a10298 __vbaAryConstruct2
 0x67a1029c __vbaVarTstEq
 0x67a102a0 None
 0x67a102a4 DllFunctionCall
 0x67a102a8 _adj_fpatan
 0x67a102ac __vbaRedim
 0x67a102b0 EVENT_SINK_Release
 0x67a102b4 __vbaNew
 0x67a102b8 _CIsqrt
 0x67a102bc EVENT_SINK_QueryInterface
 0x67a102c0 __vbaStr2Vec
 0x67a102c4 __vbaExceptHandler
 0x67a102c8 __vbaStrToUnicode
 0x67a102cc None
 0x67a102d0 _adj_fprem
 0x67a102d4 _adj_fdivr_m64
 0x67a102d8 __vbaFPException
 0x67a102dc __vbaStrVarVal
 0x67a102e0 __vbaUbound
 0x67a102e4 __vbaVarCat
 0x67a102e8 None
 0x67a102ec None
 0x67a102f0 _CIlog
 0x67a102f4 __vbaFileOpen
 0x67a102f8 None
 0x67a102fc __vbaNew2
 0x67a10300 __vbaR8Str
 0x67a10304 None
 0x67a10308 _adj_fdiv_m32i
 0x67a1030c _adj_fdivr_m32i
 0x67a10310 __vbaStrCopy
 0x67a10314 __vbaI4Str
 0x67a10318 __vbaFreeStrList
 0x67a1031c _adj_fdivr_m32
 0x67a10320 _adj_fdiv_r
 0x67a10324 None
 0x67a10328 __vbaI4Var
 0x67a1032c None
 0x67a10330 __vbaAryLock
 0x67a10334 __vbaVarAdd
 0x67a10338 __vbaVarDup
 0x67a1033c __vbaStrToAnsi
 0x67a10340 __vbaFpI4
 0x67a10344 __vbaVarCopy
 0x67a10348 None
 0x67a1034c None
 0x67a10350 _CIatan
 0x67a10354 __vbaStrMove
 0x67a10358 __vbaCastObj
 0x67a1035c __vbaR8IntI4
 0x67a10360 _allmul
 0x67a10364 _CItan
 0x67a10368 None
 0x67a1036c __vbaAryUnlock
 0x67a10370 _CIexp
 0x67a10374 __vbaFreeStr
 0x67a10378 __vbaFreeObj

EAT (Export Address Table): none
