ScreenShot
| Created | 2023.11.22 13:27 | Machine | s1_win7_x6403 |
| Filename | 227.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 16 detected (GenericKD, Artemis, malicious, confidence, 100%, REDLINE, YXDKVZ, ai score=84, Malgent) | ||
| md5 | ec9034a2f644a91e5fcdd3d7b853352e | ||
| sha256 | 964de6faee7c442040d21b879052c0b1b4fb90ded1bb3644252af444a0a4031b | ||
| ssdeep | 24576:oRa6JTRA3qfVqfIP56Ntgp7+q/Ve96AdksgKxbLAIVaz9CAFdy8rMghiDSk74914:oRa6Ja3EVcIP567ASesJxq0PmQ7V | ||
| imphash | e6ee62637ef4a025bf77f2f5ca3f2fab | ||
| impfuzzy | 192:mn75Gh2c5idtdJRFuGRHxRScAPeQObQ02KSsP6iy33kxUvXwut8CrvDX:C75Ghx8vARPeQObRuP3VVvvD | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
