Report - 4.exe

PE32 PE File
Created 2024.01.10 09:27 Machine s1_win7_x6401
Filename 4.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 10
Behavior Score 1.6
ZERO API file : malware
VT API (file) 46 detected (AIDetectMalware, Zload, malicious, high confidence, Mint, Zard, Artemis, Ve9i, Attribute, HighConfidence, score, CrypterX, Qimw, XPACK, LUMMASTEALER, YXEAIZ, GenKryptik, Sabsik, Detected, unsafe, GdSda, Md2PASAtvEH, Static AI, Malicious PE, susgen, GSHU, confidence, 100%)
md5 913edccd8dd523f0c257a7f55598a19f
sha256 d0088d5fbd159e1d0c51bd9a069382acb3d246a5f94bcd19bcd32897b85d91c1
ssdeep 12288:0T7jG8OlLq/5ocOqfn1/Ljga0DrW1Kmy8LABd:07tOlLMlf1/nH0mXFLAB
imphash 7f2ad773523beff11f9bb19bd12835bf
impfuzzy 6:hMXDJGsoZ/Ox2KSJGsC2vC17xdFL3LTC1acazty242Q:hMXPoZGx2KACBDLO1N6T42Q

Signature (2cnts)

Level Description
danger File has been identified by 46 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (2cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x45f598 AcquireSRWLockExclusive
 0x45f59c ExitProcess
 0x45f5a0 ReleaseSRWLockExclusive
GDI32.dll
 0x45f5a8 BitBlt
 0x45f5ac CreateCompatibleBitmap
 0x45f5b0 CreateCompatibleDC
 0x45f5b4 DeleteDC
 0x45f5b8 DeleteObject
 0x45f5bc GetDIBits
 0x45f5c0 GetDeviceCaps
 0x45f5c4 GetObjectW
 0x45f5c8 SelectObject
USER32.dll
 0x45f5d0 GetDC
 0x45f5d4 ReleaseDC

EAT(Export Address Table) is none
