ScreenShot
| Created | 2023.12.18 09:48 | Machine | s1_win7_x6403 |
| Filename | qwe.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, Mint, Zard, malicious, confidence, Attribute, HighConfidence, high confidence, Zload, high, score, Static AI, Malicious PE, HrupT, Wacapew, ai score=83, unsafe, Generic@AI, RDML, OVjD2m1BsDgndkfN2QcgTQ, ZexaF, DqW@aSlN3Ie) | ||
| md5 | 9f497e5418aaf7b8f15b92535de3c0d9 | ||
| sha256 | 343472c00eb7b941aa8b25e90a3b9335a00f52690edefe1d9eb2df9bfa126b2c | ||
| ssdeep | 12288:tWjFG3WnyUhcw0tJ8QDdUh6Q2M587ZD8AHZgLs:tWRGmnyUhcnbDd+zkNKL | ||
| imphash | a9d9a295e8263c195678600a521ac345 | ||
| impfuzzy | 3:snMO/QHAGegYhWkDHLsfvC1LlNxQIZXblN3eYLpxC1LpAGaLAwWAMAXZzXbq4zCI:oZ/QHA42tHWvC17xdFL3LTC1acaztyI | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| info | One or more processes crashed |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x451ab8 ExitProcess
USER32.dll
0x451ac0 GetDC
0x451ac4 ReleaseDC
GDI32.dll
0x451acc BitBlt
0x451ad0 CreateCompatibleBitmap
0x451ad4 CreateCompatibleDC
0x451ad8 DeleteDC
0x451adc DeleteObject
0x451ae0 GetDIBits
0x451ae4 GetDeviceCaps
0x451ae8 GetObjectW
0x451aec SelectObject
EAT(Export Address Table) is none
KERNEL32.dll
0x451ab8 ExitProcess
USER32.dll
0x451ac0 GetDC
0x451ac4 ReleaseDC
GDI32.dll
0x451acc BitBlt
0x451ad0 CreateCompatibleBitmap
0x451ad4 CreateCompatibleDC
0x451ad8 DeleteDC
0x451adc DeleteObject
0x451ae0 GetDIBits
0x451ae4 GetDeviceCaps
0x451ae8 GetObjectW
0x451aec SelectObject
EAT(Export Address Table) is none