Report - 03e297f4a0ac3f262ca8ae50f9e14db8bb33e6840f1f30acd576826c0800b24e

HWP, PS, PostScript, UPX, MSOffice File, Lnk Format, GIF Format, PE File, PE32, OS Processor Check, JPEG Format
Created 2024.03.25 15:50 Machine s1_win7_x6401
Filename 03e297f4a0ac3f262ca8ae50f9e14db8bb33e6840f1f30acd576826c0800b24e
Type Hangul (Korean) Word Processor File 5.x
AI Score: Not found
Behavior Score: 2.4
ZERO API file : clean
VT API (file) 17 detected (Malicious, score, GenericKD, jplgn, ai score=80)
md5 4c033029dd47e1029ff45d550d5811f9
sha256 03e297f4a0ac3f262ca8ae50f9e14db8bb33e6840f1f30acd576826c0800b24e
ssdeep 3072:GFzFYtek5nkrTW9XEixmN2rraUxzDipSU9KNO1Kb3iAPFUxV12:htek5nkqx0UywzOpbD1KyAOX12
imphash
impfuzzy

Signature (6cnts)

Level Description
watch File has been identified by 17 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a shortcut to an executable file
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
info Checks if process is being debugged by a debugger

Rules (12cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (download)
watch Win32_HWP_PostScript_Zero Detect a HWP with embedded Post Script code binaries (upload)
info HWP_file_format HWP Document File binaries (download)
info HWP_file_format HWP Document File binaries (upload)
info IsPE32 (no description) binaries (download)
info JPEG_Format_Zero JPEG Format binaries (download)
info lnk_file_format Microsoft Windows Shortcut File Format binaries (download)
info Lnk_Format_Zero LNK Format binaries (download)
info Microsoft_Office_File_Zero Microsoft Office File binaries (download)
info Microsoft_Office_File_Zero Microsoft Office File binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info PE_Header_Zero PE File Signature binaries (download)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

Similarity measure (PE file only) - Checking for service failure