Field | Value |
---|---|
Created | 2023.12.04 15:36 |
Machine | s1_win7_x6403 |
Filename | aiitoo.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (AIDetectMalware, lpZC, malicious, moderate confidence, GenericKD, Save, Malgent, ZexaF, 8mKfaCjEGcab, Attribute, HighConfidence, FlyStudio, score, high, Static AI, Malicious PE, OnlineGames, Eldorado, ai score=84, Wacatac, 19HHMJH, Detected, Artemis, BScope, Emotet, unsafe, Chgt, CLOUD, GenAsa, ZU78ump4sm8, Disabler, susgen, CoinMiner, confidence, 100%) |
md5 | 5ea91b3790b5e6e52eb199a13d945808 |
sha256 | d3118d56b9977d9214ab781a87b84ead39ff766dc73465a3b9dbfcb93cf92d4f |
ssdeep | 12288:hwJ0QMXjt7Vsb3xLMLGSRGgVIUmRpI/F+ir:hwJdgjxVK3xgL1RGnUpF |
imphash | 903da1045a01db94c1ae4ff05ccbc0da |
impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/EwRgsyIBM9IVArdLMKJAmzRjLbtuISXmJJcJ1v4V:VA/DzqYOZ9RghIBAIV2d+m9xutX+m1vY |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.DLL
0x5f2ba4 LoadLibraryA
0x5f2ba8 GetProcAddress
0x5f2bac VirtualProtect
0x5f2bb0 VirtualAlloc
0x5f2bb4 VirtualFree
0x5f2bb8 ExitProcess
ADVAPI32.dll
0x5f2bc0 RegCloseKey
COMCTL32.dll
0x5f2bc8 None
comdlg32.dll
0x5f2bd0 ChooseColorA
GDI32.dll
0x5f2bd8 PatBlt
ole32.dll
0x5f2be0 OleInitialize
OLEAUT32.dll
0x5f2be8 LoadTypeLib
SHELL32.dll
0x5f2bf0 ShellExecuteA
USER32.dll
0x5f2bf8 GetDC
WINMM.dll
0x5f2c00 waveOutOpen
WINSPOOL.DRV
0x5f2c08 ClosePrinter
WS2_32.dll
0x5f2c10 WSACleanup
EAT (Export Address Table) is none