Report - cp.exe

Tags: Themida Packer, UPX, PE32, PE File
Created: 2023.12.04 15:40   Machine: s1_win7_x6403
Filename cp.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 6
Behavior Score: 1.0
ZERO API file: malware
VT API (file)
md5 67c91a40f9550dca6e0caf57325b9a10
sha256 b3210c2edf5c7692385406495e2745e108e404bbcab374c0ec2902bf7cb1e371
ssdeep 98304:kt8mEfgml7ba8CeEKpo4//jnDQSYrvD8oudALqV6BC2gxSCIwTNMTxn+OCWk:kvEfgqkezO4jnDQSIBudAWV6BC2nCIOj
imphash 4606041c7eb9dc2ea0c018ff25cd5fa6
impfuzzy 6:nEJtLqTBIVzuABLbX/jtlJoZ/OiBJAEnERGDW:EJtLqTBIZuyHLTOZGqAJcDW

Signature (3 counts)

Level | Description
notice | The binary likely contains encrypted or compressed data indicative of a packer
notice | The executable is likely packed with VMProtect
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4 counts)

Level | Name | Description | Collection
warning | themida_packer | themida packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0 counts)

Request | CC | ASN | Co | IP4 | Rule | ZERO
(no entries)

Suricata ids

PE API

IAT (Import Address Table), by library:

kernel32.dll
 0xc34000 GetModuleHandleA
USER32.dll
 0xc34008 SetClipboardData
ADVAPI32.dll
 0xc34010 RegSetValueExA
SHELL32.dll
 0xc34018 ShellExecuteExW
ole32.dll
 0xc34020 CoTaskMemFree
kernel32.dll
 0xc34028 GetSystemTimeAsFileTime
kernel32.dll
 0xc34030 HeapAlloc
 0xc34034 HeapFree
 0xc34038 ExitProcess
 0xc3403c LoadLibraryA
 0xc34040 GetModuleHandleA
 0xc34044 GetProcAddress

EAT (Export Address Table): none
