ScreenShot
| Created | 2024.01.03 07:43 | Machine | s1_win7_x6403 |
| Filename | ioot.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 51 detected (AIDetectMalware, lt2b, malicious, moderate confidence, score, GenericKD, unsafe, Save, Attribute, HighConfidence, FlyStudio, Artemis, Wsgame, kgcopq, CLOUD, R002C0GA124, high, QQWare, Detected, ai score=85, Wacatac, Caynamer, 192BHS8, Eldorado, ZexaF, LmGfayJZNvab, BScope, Emotet, MachineLearning, Anomalous, Chgt, GenAsa, ZU78ump4sm8, Static AI, Malicious PE, susgen, CoinMiner, confidence, 100%) | ||
| md5 | 85215c82405b536a3b55105bb3fe361a | ||
| sha256 | 141262cbd24e43f4c8911c32896fe6c1f0f5e171e8e6e6bd26a24a7bfde0dcd0 | ||
| ssdeep | 12288:+jy9rdsHeEpuV/xS90ngivnqqbJ1/l/oWzDC:5dsHeEpuVk6guqo19wiD | ||
| imphash | 903da1045a01db94c1ae4ff05ccbc0da | ||
| impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/EwRgsyIBM9IVArdLMKJAmzRjLbtuISXmJJcJ1v4V:VA/DzqYOZ9RghIBAIV2d+m9xutX+m1vY | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x5554fc LoadLibraryA
0x555500 GetProcAddress
0x555504 VirtualProtect
0x555508 VirtualAlloc
0x55550c VirtualFree
0x555510 ExitProcess
ADVAPI32.dll
0x555518 RegCloseKey
COMCTL32.dll
0x555520 None
comdlg32.dll
0x555528 ChooseColorA
GDI32.dll
0x555530 PatBlt
ole32.dll
0x555538 OleInitialize
OLEAUT32.dll
0x555540 LoadTypeLib
SHELL32.dll
0x555548 ShellExecuteA
USER32.dll
0x555550 GetDC
WINMM.dll
0x555558 waveOutOpen
WINSPOOL.DRV
0x555560 ClosePrinter
WS2_32.dll
0x555568 WSACleanup
EAT(Export Address Table) is none
KERNEL32.DLL
0x5554fc LoadLibraryA
0x555500 GetProcAddress
0x555504 VirtualProtect
0x555508 VirtualAlloc
0x55550c VirtualFree
0x555510 ExitProcess
ADVAPI32.dll
0x555518 RegCloseKey
COMCTL32.dll
0x555520 None
comdlg32.dll
0x555528 ChooseColorA
GDI32.dll
0x555530 PatBlt
ole32.dll
0x555538 OleInitialize
OLEAUT32.dll
0x555540 LoadTypeLib
SHELL32.dll
0x555548 ShellExecuteA
USER32.dll
0x555550 GetDC
WINMM.dll
0x555558 waveOutOpen
WINSPOOL.DRV
0x555560 ClosePrinter
WS2_32.dll
0x555568 WSACleanup
EAT(Export Address Table) is none