Report - DV.exe

PE File ftp PE64
ScreenShot
Created 2023.09.23 19:28 Machine s1_win7_x6403
Filename DV.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score Not founds Behavior Score
2.0
ZERO API file : malware
VT API (file) 49 detected (AIDetectMalware, Reflo, Tedy, V46d, malicious, Genus, Rozena, Eldorado, Attribute, HighConfidence, moderate confidence, CoinMiner, AGen, score, MalwareX, Gencirc, Nekark, zwupg, Siggen21, Artemis, ai score=89, ShellcodeRunner, Znyonm, Detected, unsafe, Chgt, R002H0CIK23, VqtQRH5PzKH, confidence, 100%)
md5 974cf9781ee4c391d8c78f68247e1b18
sha256 6f63952d569d65352cadb59dc95665dc01a2ccead6f2a84f8d89a9ee041aebe4
ssdeep 98304:5Ni77gLVLRv0kFWEu4f06A9u4f+38+BscmQI0vjkaYgucBg0i:5Ni77oVJ0kFWn4sWL3R7mQPuoE
imphash cfc2f6e0ad47e701959f21a8d2a686e9
impfuzzy 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqfZJVZJn:8fjBcVK0MGf5XGf6Zykom/GCqxvZJn
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (3cnts)

Level Name Description Collection
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1405641a8 DeleteCriticalSection
 0x1405641b0 EnterCriticalSection
 0x1405641b8 GetLastError
 0x1405641c0 InitializeCriticalSection
 0x1405641c8 LeaveCriticalSection
 0x1405641d0 SetUnhandledExceptionFilter
 0x1405641d8 Sleep
 0x1405641e0 TlsGetValue
 0x1405641e8 VirtualProtect
 0x1405641f0 VirtualQuery
msvcrt.dll
 0x140564200 __C_specific_handler
 0x140564208 __getmainargs
 0x140564210 __initenv
 0x140564218 __iob_func
 0x140564220 __set_app_type
 0x140564228 __setusermatherr
 0x140564230 _amsg_exit
 0x140564238 _cexit
 0x140564240 _commode
 0x140564248 _fmode
 0x140564250 _initterm
 0x140564258 _onexit
 0x140564260 abort
 0x140564268 calloc
 0x140564270 exit
 0x140564278 fprintf
 0x140564280 fputs
 0x140564288 free
 0x140564290 malloc
 0x140564298 memset
 0x1405642a0 signal
 0x1405642a8 strcat
 0x1405642b0 strlen
 0x1405642b8 strncmp
 0x1405642c0 strstr
 0x1405642c8 vfprintf
 0x1405642d0 wcscat
 0x1405642d8 wcscpy
 0x1405642e0 wcslen
 0x1405642e8 wcsncmp
 0x1405642f0 wcsstr
 0x1405642f8 _wcsnicmp
 0x140564300 _wcsicmp

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure