Field | Value |
---|---|
Created | 2023.11.30 09:06 |
Machine | s1_win7_x6403 |
Filename | 1 |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 11 detected (AIDetectMalware, Artemis, Bitrep, unsafe, Generic@AI, RDML, 4uxE6YDLDIEKGf2Z+q9EUA, susgen) |
md5 | 45ae0455fdcb1ceb6e1d3eed8ba7ffaf |
sha256 | 40443a173109769738ac141017ad4e51dee33603d7f22f4f2dd8863b892d9ad4 |
ssdeep | 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7jo:4thTiP+ffCfB5Lf0F7Z1E7jo |
imphash | 91c9c82d5da6c673b4454be0c166d822 |
impfuzzy | 12:VA/DzqYOZxIBy21TAmgOtHSXIThdZ4CMXu/:V0DBauDuOtHSXGJWy |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | One or more processes crashed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Network_Downloader | File Downloader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x55768c LoadLibraryA
0x557690 GetProcAddress
0x557694 VirtualProtect
0x557698 VirtualAlloc
0x55769c VirtualFree
0x5576a0 ExitProcess
ADVAPI32.dll
0x5576a8 FreeSid
COMCTL32.dll
0x5576b0 None
comdlg32.dll
0x5576b8 GetFileTitleA
GDI32.dll
0x5576c0 SaveDC
NETAPI32.dll
0x5576c8 Netbios
ole32.dll
0x5576d0 CoInitialize
OLEAUT32.dll
0x5576d8 RegisterTypeLib
oledlg.dll
0x5576e0 None
OLEPRO32.DLL
0x5576e8 None
SHELL32.dll
0x5576f0 DragFinish
urlmon.dll
0x5576f8 URLDownloadToFileA
USER32.dll
0x557700 GetDC
VERSION.dll
0x557708 VerQueryValueA
WININET.dll
0x557710 FtpOpenFileA
WINMM.dll
0x557718 timeGetTime
WINSPOOL.DRV
0x557720 OpenPrinterA
EAT(Export Address Table) is none
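The import table above has the shape of a UPX loader stub rather than of the original program: KERNEL32 contributes only the six APIs the stub needs to map memory and rebuild imports at run time (LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess), and every other DLL contributes at most one name, which is how UPX keeps the Windows loader mapping each DLL the original binary used. Two consequences for triage follow. The imphash listed in the header is computed over this stub table, so it will collide with other UPX-packed binaries that use the same DLL set and tells you little about the packed code. And the Network_Downloader rule fired on the static presence of URLDownloadToFileA/FtpOpenFileA, while the dynamic run recorded zero network requests and a process crash, so the download capability is suggested, not confirmed. The script below is an added example (not the sandbox's rule logic and not the vendor's code) that reads the report's IAT with these caveats: the UPX stub profile and the capability map are the author's assumptions, and the `SAMPLE_IMPORTS` table is transcribed from the listing above, with "None" entries treated as name-less (presumably ordinal) imports.

```python
"""Triage a PE import table the way a packer-stub IAT should be read.

Added example: not part of the sandbox report and not any vendor's code.
SAMPLE_IMPORTS is transcribed from the IAT listing in the report; the UPX
stub profile and the capability map are assumptions drawn from how the
UPX loader stub is built (it keeps LoadLibraryA/GetProcAddress and the
Virtual* APIs to restore the original import table at run time, and leaves
one import per original DLL so the Windows loader still maps each DLL).
"""

# Import table transcribed from the report: DLL -> imported names.  An
# entry the report shows as "None" carries no name (assumption: imported
# by ordinal), so it is listed here as an empty name list.
SAMPLE_IMPORTS = {
    "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect",
                     "VirtualAlloc", "VirtualFree", "ExitProcess"],
    "ADVAPI32.dll": ["FreeSid"],
    "COMCTL32.dll": [],
    "comdlg32.dll": ["GetFileTitleA"],
    "GDI32.dll": ["SaveDC"],
    "NETAPI32.dll": ["Netbios"],
    "ole32.dll": ["CoInitialize"],
    "OLEAUT32.dll": ["RegisterTypeLib"],
    "oledlg.dll": [],
    "OLEPRO32.DLL": [],
    "SHELL32.dll": ["DragFinish"],
    "urlmon.dll": ["URLDownloadToFileA"],
    "USER32.dll": ["GetDC"],
    "VERSION.dll": ["VerQueryValueA"],
    "WININET.dll": ["FtpOpenFileA"],
    "WINMM.dll": ["timeGetTime"],
    "WINSPOOL.DRV": ["OpenPrinterA"],
}

# KERNEL32 APIs the UPX loader stub itself uses (assumption: typical stub;
# older stubs omit VirtualProtect/VirtualFree, hence the subset test below).
UPX_STUB_KERNEL32 = {"LoadLibraryA", "GetProcAddress", "VirtualAlloc",
                     "VirtualFree", "VirtualProtect", "ExitProcess"}

# Imports worth flagging whether or not the file is packed.  Author's own
# map, not the sandbox's Network_Downloader rule, whose logic the report
# does not show.
CAPABILITY_APIS = {
    "URLDownloadToFileA": "HTTP/FTP download to a local file (urlmon)",
    "FtpOpenFileA": "FTP file access (wininet)",
    "Netbios": "raw NetBIOS networking (netapi32)",
}


def _kernel32_names(imports):
    return {n for dll, names in imports.items()
            if dll.upper() == "KERNEL32.DLL" for n in names}


def looks_like_upx_stub(imports):
    """True when the table has the UPX stub shape: KERNEL32 exposes only
    the stub's loader APIs (at least LoadLibraryA and GetProcAddress) and
    every other DLL contributes at most one import.  A real application's
    KERNEL32 list is far longer than six names."""
    k32 = _kernel32_names(imports)
    if not (k32 and k32 <= UPX_STUB_KERNEL32 and
            {"LoadLibraryA", "GetProcAddress"} <= k32):
        return False
    return all(len(names) <= 1 for dll, names in imports.items()
               if dll.upper() != "KERNEL32.DLL")


def capability_hints(imports):
    """Return (api, description) for every flagged API, sorted by name."""
    present = {n for names in imports.values() for n in names}
    return sorted((api, CAPABILITY_APIS[api])
                  for api in present if api in CAPABILITY_APIS)


def triage(imports):
    """Summarise what this import table can and cannot tell an analyst."""
    stub = looks_like_upx_stub(imports)
    hints = capability_hints(imports)
    if stub:
        note = ("IAT belongs to the packer stub; the original imports are "
                "resolved at run time via LoadLibraryA/GetProcAddress, so "
                "unpack (e.g. 'upx -d') and re-read the table before "
                "treating the absence of an API as evidence.")
    else:
        note = "IAT appears to be the program's own."
    return {"upx_stub_iat": stub,
            # The DLL set survives packing, so it is the one static fact here.
            "dlls_loaded": sorted(imports),
            "capability_hints": hints,
            "note": note}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

Run against the report's table the function reports a stub-shaped IAT, lists the seventeen DLLs the packed program will load, and flags the three networking imports as hints to confirm against the unpacked binary or a run that actually reaches the network.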