Field | Value |
---|---|
Created | 2024.01.10 09:27 |
Machine | s1_win7_x6401 |
Filename | 4.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (AIDetectMalware, Zload, malicious, high confidence, Mint, Zard, Artemis, Ve9i, Attribute, HighConfidence, score, CrypterX, Qimw, XPACK, LUMMASTEALER, YXEAIZ, GenKryptik, Sabsik, Detected, unsafe, GdSda, Md2PASAtvEH, Static AI, Malicious PE, susgen, GSHU, confidence, 100%) |
md5 | 913edccd8dd523f0c257a7f55598a19f |
sha256 | d0088d5fbd159e1d0c51bd9a069382acb3d246a5f94bcd19bcd32897b85d91c1 |
ssdeep | 12288:0T7jG8OlLq/5ocOqfn1/Ljga0DrW1Kmy8LABd:07tOlLMlf1/nH0mXFLAB |
imphash | 7f2ad773523beff11f9bb19bd12835bf |
impfuzzy | 6:hMXDJGsoZ/Ox2KSJGsC2vC17xdFL3LTC1acazty242Q:hMXPoZGx2KACBDLO1N6T42Q |
Signature (2 counts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
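The "notice" signature above is the usual entropy-based packer heuristic: a section whose bytes look statistically random is probably compressed or encrypted. The script below is an added example, not part of the sandbox report or its rule set, showing how such a check is normally implemented: per-section Shannon entropy, combined with a zlib compressibility test so that data which is high-entropy but still compressible (e.g. dense code or tables) does not trip the rule on its own. The section contents are constructed for illustration and are not bytes from 4.exe; the thresholds (7.2 bits/byte, 0.95 compression ratio) are assumed values in the range triage tools typically use.

```python
"""Packer/encryption heuristic: per-section Shannon entropy plus zlib compressibility.

Added example; the sections below are constructed sample data, not content of 4.exe.
"""
import math
import random
import zlib
from collections import Counter
from typing import Dict, List, Tuple

# Assumed thresholds: ~7.2 bits/byte is a common "packed-looking" cut-off; a
# compression ratio near 1.0 means zlib could not shrink the data further.
ENTROPY_THRESHOLD = 7.2
COMPRESS_THRESHOLD = 0.95


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for a constant buffer, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def compressibility(data: bytes) -> float:
    """Ratio len(zlib(data)) / len(data); ~1.0 (or above) means already compressed/encrypted."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def packer_hints(sections: Dict[str, bytes]) -> List[Tuple[str, float, float]]:
    """Return (section, entropy, ratio) for every section that looks encrypted or compressed.

    Both indicators must fire: high entropy alone is not enough, because dense
    but structured data can approach 7 bits/byte yet still compress well.
    """
    hits = []
    for name, data in sections.items():
        e = shannon_entropy(data)
        r = compressibility(data)
        if e >= ENTROPY_THRESHOLD and r >= COMPRESS_THRESHOLD:
            hits.append((name, round(e, 2), round(r, 2)))
    return hits


def constructed_sections() -> Dict[str, bytes]:
    """Constructed stand-in for a PE's section table (assumed data, not from the sample)."""
    rng = random.Random(0xC0FFEE)  # seeded so the example is reproducible
    # Repetitive x86-style prologue bytes plus zero padding: low entropy, highly compressible.
    text = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10]) * 600 + b"\x00" * 500
    # Import strings such as the ones in this report: structured, compressible text.
    rdata = b"KERNEL32.dll\x00GDI32.dll\x00USER32.dll\x00" * 100
    # Pseudo-random bytes standing in for an encrypted or compressed payload blob.
    payload = bytes(rng.getrandbits(8) for _ in range(8192))
    return {".text": text, ".rdata": rdata, ".data": payload}


if __name__ == "__main__":
    for name, e, r in packer_hints(constructed_sections()):
        print(f"{name}: entropy={e} bits/byte, zlib ratio={r} -> looks packed/encrypted")
```

On a real file the same two functions would be fed each section's raw bytes (for example from `pefile`'s `section.get_data()`); the verdict is only a hint, since resource sections holding compressed images or embedded archives also score high, which is why sandboxes report it at "notice" rather than "danger" level.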
Rules (2 counts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|

No network requests were recorded during the run, and the Suricata IDS produced no alerts.
PE API

IAT (Import Address Table)
KERNEL32.dll
0x45f598 AcquireSRWLockExclusive
0x45f59c ExitProcess
0x45f5a0 ReleaseSRWLockExclusive
GDI32.dll
0x45f5a8 BitBlt
0x45f5ac CreateCompatibleBitmap
0x45f5b0 CreateCompatibleDC
0x45f5b4 DeleteDC
0x45f5b8 DeleteObject
0x45f5bc GetDIBits
0x45f5c0 GetDeviceCaps
0x45f5c4 GetObjectW
0x45f5c8 SelectObject
USER32.dll
0x45f5d0 GetDC
0x45f5d4 ReleaseDC
EAT (Export Address Table): none
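The GDI32/USER32 imports above (GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt, GetDIBits, ReleaseDC) are exactly the classic GDI screenshot sequence, which is consistent with the stealer labels in the VirusTotal result. With only 14 imports in total and the packer notice above, the static IAT almost certainly understates what the unpacked payload does; treat it as a minimum capability set. The script below is an added example, not code from the report or its tooling: it recomputes an imphash from the listed imports using the algorithm popularised by pefile (library name lowercased with its .dll/.ocx/.sys extension stripped, entries written as `lib.func`, joined by commas, MD5) and applies a simple import-cluster heuristic for screen-capture capability and a sparse IAT. The cluster set, the minimum-hit count of 5 and the sparse-IAT threshold of 20 are my assumptions, not values from the report.

```python
"""Imphash recomputation and import-cluster capability tagging for a PE import listing.

Added example. REPORT_IMPORTS is transcribed from the IAT listing in this report,
in the order shown there; the heuristic thresholds are assumed values.
"""
import hashlib
from typing import List, Sequence, Tuple

Import = Tuple[str, str]  # (library name as it appears in the PE, function name)

REPORT_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "AcquireSRWLockExclusive"),
    ("KERNEL32.dll", "ExitProcess"),
    ("KERNEL32.dll", "ReleaseSRWLockExclusive"),
    ("GDI32.dll", "BitBlt"),
    ("GDI32.dll", "CreateCompatibleBitmap"),
    ("GDI32.dll", "CreateCompatibleDC"),
    ("GDI32.dll", "DeleteDC"),
    ("GDI32.dll", "DeleteObject"),
    ("GDI32.dll", "GetDIBits"),
    ("GDI32.dll", "GetDeviceCaps"),
    ("GDI32.dll", "GetObjectW"),
    ("GDI32.dll", "SelectObject"),
    ("USER32.dll", "GetDC"),
    ("USER32.dll", "ReleaseDC"),
]

# Assumed cluster: the GDI calls needed to copy the screen into a bitmap and read it back.
SCREEN_CAPTURE_APIS = {
    "getdc", "createcompatibledc", "createcompatiblebitmap",
    "selectobject", "bitblt", "getdibits", "releasedc",
}
SCREEN_CAPTURE_MIN_HITS = 5   # assumed: tolerate a couple of missing/variant calls
SPARSE_IAT_THRESHOLD = 20     # assumed: fewer named imports than this is unusual for a real GUI app


def imphash(imports: Sequence[Import]) -> str:
    """pefile-style import hash: md5 of 'lib.func,lib.func,...' in IAT order.

    Order matters, so two files with the same imports in a different layout hash
    differently; that is what makes it useful for clustering builds of one toolkit.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def capability_tags(imports: Sequence[Import]) -> List[str]:
    """Cheap static capability tags derived purely from imported function names."""
    names = {func.lower() for _, func in imports}
    tags = []
    if len(names & SCREEN_CAPTURE_APIS) >= SCREEN_CAPTURE_MIN_HITS:
        tags.append("screen-capture")
    if len(imports) < SPARSE_IAT_THRESHOLD:
        # A tiny IAT usually means the payload resolves its real imports at runtime
        # (packer stub, or GetProcAddress/hash-based resolution after unpacking).
        tags.append("sparse-iat")
    return tags


if __name__ == "__main__":
    print("imphash :", imphash(REPORT_IMPORTS))
    print("tags    :", ", ".join(capability_tags(REPORT_IMPORTS)))
```

If the computed value equals the imphash in the metadata table (7f2ad773523beff11f9bb19bd12835bf), the listing above is the complete IAT in file order; a mismatch would point to a transcription difference rather than a different binary. The "sparse-iat" tag is the practical caveat for this report: a dynamic run or an unpacked dump is needed before concluding the sample does nothing beyond taking screenshots.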