Field | Value |
---|---|
Created | 2023.09.23 19:21 |
Machine | s1_win7_x6403 |
Filename | PLV.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetectMalware, Reflo, malicious, moderate confidence, Tedy, unsafe, Vdyd, confidence, Genus, Rozena, Eldorado, Attribute, HighConfidence, CoinMiner, AGen, score, MalwareX, Gencirc, Nekark, mytfl, Siggen21, Artemis, ShellcodeRunner, Wacatac, Znyonm, Detected, ai score=83, Chgt, R002H0DII23, VqtQRH5PzKH, susgen) |
md5 | ac5a067a49c0347a26cb08dbf77f45b2 |
sha256 | c89c74a42dc7e8ba62490a3f73f031caec9ec3579bc69d169abc2bfd2e3719d2 |
ssdeep | 98304:cAWVhcggbXvZnyKbxK0UiIeYjRJFpFx9e+11:cHyLKN/eeRJpHv1 |
imphash | cfc2f6e0ad47e701959f21a8d2a686e9 |
impfuzzy | 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqfZJVZJn:8fjBcVK0MGf5XGf6Zykom/GCqxvZJn |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x1405641a8 DeleteCriticalSection
0x1405641b0 EnterCriticalSection
0x1405641b8 GetLastError
0x1405641c0 InitializeCriticalSection
0x1405641c8 LeaveCriticalSection
0x1405641d0 SetUnhandledExceptionFilter
0x1405641d8 Sleep
0x1405641e0 TlsGetValue
0x1405641e8 VirtualProtect
0x1405641f0 VirtualQuery
msvcrt.dll
0x140564200 __C_specific_handler
0x140564208 __getmainargs
0x140564210 __initenv
0x140564218 __iob_func
0x140564220 __set_app_type
0x140564228 __setusermatherr
0x140564230 _amsg_exit
0x140564238 _cexit
0x140564240 _commode
0x140564248 _fmode
0x140564250 _initterm
0x140564258 _onexit
0x140564260 abort
0x140564268 calloc
0x140564270 exit
0x140564278 fprintf
0x140564280 fputs
0x140564288 free
0x140564290 malloc
0x140564298 memset
0x1405642a0 signal
0x1405642a8 strcat
0x1405642b0 strlen
0x1405642b8 strncmp
0x1405642c0 strstr
0x1405642c8 vfprintf
0x1405642d0 wcscat
0x1405642d8 wcscpy
0x1405642e0 wcslen
0x1405642e8 wcsncmp
0x1405642f0 wcsstr
0x1405642f8 _wcsnicmp
0x140564300 _wcsicmp
EAT (Export Address Table): none