Field | Value |
---|---|
Created | 2023.10.16 10:58 |
Machine | s1_win7_x6401 |
Filename | rc2.jpg |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 44 detected (AIDetectMalware, ProxyChanger, Ursu, Artemis, unsafe, malicious, confidence, 100%, Proxy, moderate confidence, score, kcfueu, TrojanX, Cwnw, ProxyChange, vhsxg, ABProxy, ZQKO, Malgent, Detected, ai score=89, R002H0CJC23, pb8GMVSJ4OT, susgen) |
md5 | 9727340e36156ec7295b019317a9c5d5 |
sha256 | eb4efba721c9a2675bb96813f0fa684d0d4dad793639b4497d840f41ba47be9f |
ssdeep | 768:IVXR5Z7y0+RWQZaUHurZSW81O5c9StzD1Rn2oJB4OtwGgMmhfuAR4/60yw:IRvZ7uRW0HuFSnEcotzSoJGPhnRNh |
imphash | dbfaf7f239d81b6c3b337622798375db |
impfuzzy | 6:dBJAEHGDzyRlbRmVb+/fswT3Wog9IaEqXZsU/KJQyyzHaZRXb9U97fJP:VA/DzqY6/9LaE2iaqxb2r |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | One or more processes crashed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x1001a208 LoadLibraryA
0x1001a20c GetProcAddress
0x1001a210 VirtualProtect
0x1001a214 VirtualAlloc
0x1001a218 VirtualFree
ADVAPI32.dll
0x1001a220 FreeSid
api-ms-win-crt-filesystem-l1-1-0.dll
0x1001a228 remove
api-ms-win-crt-heap-l1-1-0.dll
0x1001a230 free
api-ms-win-crt-locale-l1-1-0.dll
0x1001a238 setlocale
api-ms-win-crt-runtime-l1-1-0.dll
0x1001a240 abort
api-ms-win-crt-stdio-l1-1-0.dll
0x1001a248 fread
api-ms-win-crt-string-l1-1-0.dll
0x1001a250 _wcsdup
api-ms-win-crt-time-l1-1-0.dll
0x1001a258 _time64
api-ms-win-crt-utility-l1-1-0.dll
0x1001a260 srand
IPHLPAPI.DLL
0x1001a268 GetAdaptersInfo
VCRUNTIME140.dll
0x1001a270 memchr
WS2_32.dll
0x1001a278 gethostbyname
EAT(Export Address Table) Library
0x10004890 Handler
0x100048a0 RCW