Report - r.exe

EnigmaProtector PE File PE32
Created 2023.11.09 07:50 Machine s1_win7_x6403
Filename r.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 10
Behavior Score 2.0
ZERO API file : malware
VT API (file)
md5 e7f56e0f417b37f40e50145970b25ffa
sha256 83b5b5e0e33939cd18fbb34cb15e39647d93aeeb878df52a324f73f357749811
ssdeep 49152:NNB7UmBUHRg2a24yhd7PQiH7b/5W/e47SvdETb9kFAQovs59:1+BayhdDQiH//I/yvd+9ns59
imphash 5e5ac8ab7be27ac2d1c548e5589378b6
impfuzzy 6:nERGDvZ/OiBJAEcXQwDLzRgSdn8BbMqtYbdm:EcDvZGqA9AwDXRgKQcm

Signature (6cnts)

Level Description
watch Detects Avast Antivirus through the presence of a library
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level Name Description Collection
warning EnigmaProtector_IN EnigmaProtector binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0xb23f64 GetModuleHandleA
 0xb23f68 GetProcAddress
 0xb23f6c ExitProcess
 0xb23f70 LoadLibraryA
user32.dll
 0xb23f78 MessageBoxA
advapi32.dll
 0xb23f80 RegCloseKey
oleaut32.dll
 0xb23f88 SysFreeString
gdi32.dll
 0xb23f90 CreateFontA
shell32.dll
 0xb23f98 ShellExecuteA
version.dll
 0xb23fa0 GetFileVersionInfoA

EAT(Export Address Table) Library
