ScreenShot
| Created | 2024.01.13 19:11 | Machine | s1_win7_x6403 |
| Filename | perlo.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 529534459e46a1deb637dae10c151bda | ||
| sha256 | 25d02c9ff6e6dd4b9b268ee136e563ea47b412fdc3377f4e39edc2ee20758f1e | ||
| ssdeep | 49152:zOXJUbOzKnWpQfTYenU/qwDjLpKAYAqcf:zTbOzKnWpUTYenU/5YAqS | ||
| imphash | 1e453fd81736fddb1b5f5ce807c79734 | ||
| impfuzzy | 6:nERGDvZ/OiBJAEcXQwDLzRgSdn8BbMqtYbdiceXCgyPVe6zA3ML1KlBYhZ:EcDvZGqA9AwDXRgKQcOXCPsKA5Kn | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | EnigmaProtector_IN | EnigmaProtector | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x82114c GetModuleHandleA
0x821150 GetProcAddress
0x821154 ExitProcess
0x821158 LoadLibraryA
user32.dll
0x821160 MessageBoxA
advapi32.dll
0x821168 RegCloseKey
oleaut32.dll
0x821170 SysFreeString
gdi32.dll
0x821178 CreateFontA
shell32.dll
0x821180 ShellExecuteA
version.dll
0x821188 GetFileVersionInfoA
ole32.dll
0x821190 CoInitializeEx
WS2_32.dll
0x821198 shutdown
CRYPT32.dll
0x8211a0 CryptUnprotectData
SHLWAPI.dll
0x8211a8 PathFindExtensionA
gdiplus.dll
0x8211b0 GdiplusStartup
SETUPAPI.dll
0x8211b8 SetupDiGetClassDevsA
ntdll.dll
0x8211c0 RtlUnicodeStringToAnsiString
EAT(Export Address Table) is none
kernel32.dll
0x82114c GetModuleHandleA
0x821150 GetProcAddress
0x821154 ExitProcess
0x821158 LoadLibraryA
user32.dll
0x821160 MessageBoxA
advapi32.dll
0x821168 RegCloseKey
oleaut32.dll
0x821170 SysFreeString
gdi32.dll
0x821178 CreateFontA
shell32.dll
0x821180 ShellExecuteA
version.dll
0x821188 GetFileVersionInfoA
ole32.dll
0x821190 CoInitializeEx
WS2_32.dll
0x821198 shutdown
CRYPT32.dll
0x8211a0 CryptUnprotectData
SHLWAPI.dll
0x8211a8 PathFindExtensionA
gdiplus.dll
0x8211b0 GdiplusStartup
SETUPAPI.dll
0x8211b8 SetupDiGetClassDevsA
ntdll.dll
0x8211c0 RtlUnicodeStringToAnsiString
EAT(Export Address Table) is none