ScreenShot
Created | 2024.03.31 11:35 | Machine | s1_win7_x6401 |
Filename | index.php | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 31 detected (AIDetectMalware, Mokes, Malicious, score, unsafe, Save, Attribute, HighConfidence, high confidence, PWSX, SmokeLoader, CLASSIC, ZexaF, tq0@aSEU5OpG, high, Krypt, Danabot, Detected, STOP, Sabsik, Azorult, Obfuscated, Static AI, Malicious PE, Kryptik, HWMW, confidence, 100%) | ||
md5 | 26aee3a7465466d22840f63b13eb1370 | ||
sha256 | 9f2967278ba3b255fdda7a98062fadb86155b3b5431587fd58e9b234a4579a3b | ||
ssdeep | 6144:PhtITwXHa8vNGJ/15QKM4ayfk9d6TzZhT:bITwXxQJ/3Q7kfhTzP | ||
imphash | aa3b3c495b764f201db0b7628adaf6ca | ||
impfuzzy | 24:OztkrkRNUTgfPBl5QkK5JcDoEdQBRv9pTJGtKu9XiOovIG0oj3Nc7v96SBZatGAX:O6SFpd+lpTQTG0ENcL96SCttAQ1 |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (11cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | 1 | dumpmem | |
info | 1 | memory | |
info | 1 | office | |
info | 1 | scripts | |
info | 1 | urls | |
info | 94102 | shellcode |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
&emsp
KERNEL32.dll
&emsp