ScreenShot
| Created | 2024.01.05 07:51 | Machine | s1_win7_x6401 |
| Filename | yhjjs.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (AIDetectMalware, FlyStudio, malicious, moderate confidence, GenericKD, Real Protect, Save, confidence, 100%, Attribute, HighConfidence, z1n94PrSKOS, R002C0DA324, QQWare, Detected, Eldorado, Wacatac, Malgent, 19HHMJH, score, ZexaF, CmGfaK1PjSdb, ai score=81, unsafe, Chgt, GenAsa, ZU78ump4sm8, Static AI, Malicious PE, susgen, CoinMiner) | ||
| md5 | bbdaaf92e5a05790eadb9563e54148ff | ||
| sha256 | 1b67f0a811bcf89e4d5d7c3217605d576c0b3e8164669d6536220c8ddfa3a466 | ||
| ssdeep | 6144:g4P4WjU+qsYMEB8oA34t8zI0Ou9nGWRF+/MSZLC/0Id33FpQPAHjuNHCP:VbIXsYBPAwHu9nnRF+vmz3KEjv | ||
| imphash | 903da1045a01db94c1ae4ff05ccbc0da | ||
| impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/EwRgsyIBM9IVArdLMKJAmzRjLbtuISXmJJcJ1v4V:VA/DzqYOZ9RghIBAIV2d+m9xutX+m1vY | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | One or more processes crashed |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x512c04 LoadLibraryA
0x512c08 GetProcAddress
0x512c0c VirtualProtect
0x512c10 VirtualAlloc
0x512c14 VirtualFree
0x512c18 ExitProcess
ADVAPI32.dll
0x512c20 RegCloseKey
COMCTL32.dll
0x512c28 None
comdlg32.dll
0x512c30 ChooseColorA
GDI32.dll
0x512c38 PatBlt
ole32.dll
0x512c40 OleInitialize
OLEAUT32.dll
0x512c48 LoadTypeLib
SHELL32.dll
0x512c50 ShellExecuteA
USER32.dll
0x512c58 GetDC
WINMM.dll
0x512c60 waveOutOpen
WINSPOOL.DRV
0x512c68 ClosePrinter
WS2_32.dll
0x512c70 WSACleanup
EAT(Export Address Table) is none
KERNEL32.DLL
0x512c04 LoadLibraryA
0x512c08 GetProcAddress
0x512c0c VirtualProtect
0x512c10 VirtualAlloc
0x512c14 VirtualFree
0x512c18 ExitProcess
ADVAPI32.dll
0x512c20 RegCloseKey
COMCTL32.dll
0x512c28 None
comdlg32.dll
0x512c30 ChooseColorA
GDI32.dll
0x512c38 PatBlt
ole32.dll
0x512c40 OleInitialize
OLEAUT32.dll
0x512c48 LoadTypeLib
SHELL32.dll
0x512c50 ShellExecuteA
USER32.dll
0x512c58 GetDC
WINMM.dll
0x512c60 waveOutOpen
WINSPOOL.DRV
0x512c68 ClosePrinter
WS2_32.dll
0x512c70 WSACleanup
EAT(Export Address Table) is none