popup

Report - ma.exe

UPX PE File PE64 .NET EXE
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.12.11 15:28 Machine s1_win7_x6401
Filename ma.exe
Type MS-DOS executable
AI Score
8
 Behavior Score
2.8
ZERO API file : malware
VT API (file) 25 detected (AIDetectMalware, unsafe, Save, Attribute, HighConfidence, malicious, high confidence, Obsidium, B suspicious, Tasker, bafo, FileRepMalware, LUMMASTEALER, YXDLKZ, score, Detected, Znyonm, R534970, Chgt, CLOUD)
md5 c1ca2440bbc8d8e5928e7d28eb4d24ca
sha256 95df376db067723fd2c47b264824e1287228fa13d336f06629f990f7db307f89
ssdeep 49152:AKUUNcaUQ/x2/pT1BVXB8JTPryPPnjN2NqaDmxQX:AKULaUux+7UTPryPPjNWyU
imphash 37d242f2830d470e9f1762214451e05f
impfuzzy 3:tgW6ISGWquLdAIE3ldTiSJhXYhWkmbsSx2AEn:CuSoMSl5iSz2QEn
  Network IP location

Signature (7cnts)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info Is_DotNET_EXE (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

shell32.dll
 0x14023a078 ShellAboutW
mscoree.dll
 0x14023a098 _CorExeMain
advapi32.dll
 0x14023a0b8 GetUserNameW
user32.dll
 0x14023a0d8 ReleaseDC
kernel32.dll
 0x14023a0f8 GetModuleHandleA

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure