Report - index.php

Malicious Library UPX PE File PE32 OS Processor Check
Created 2024.03.31 11:35 Machine s1_win7_x6401
Filename index.php
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 1.8
ZERO API file : malware
VT API (file) 31 detected (AIDetectMalware, Mokes, Malicious, score, unsafe, Save, Attribute, HighConfidence, high confidence, PWSX, SmokeLoader, CLASSIC, ZexaF, tq0@aSEU5OpG, high, Krypt, Danabot, Detected, STOP, Sabsik, Azorult, Obfuscated, Static AI, Malicious PE, Kryptik, HWMW, confidence, 100%)
md5 26aee3a7465466d22840f63b13eb1370
sha256 9f2967278ba3b255fdda7a98062fadb86155b3b5431587fd58e9b234a4579a3b
ssdeep 6144:PhtITwXHa8vNGJ/15QKM4ayfk9d6TzZhT:bITwXxQJ/3Q7kfhTzP
imphash aa3b3c495b764f201db0b7628adaf6ca
impfuzzy 24:OztkrkRNUTgfPBl5QkK5JcDoEdQBRv9pTJGtKu9XiOovIG0oj3Nc7v96SBZatGAX:O6SFpd+lpTQTG0ENcL96SCttAQ1

Signature (5cnts)

Level Description
danger File has been identified by 31 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (11cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info 1 dumpmem
info 1 memory
info 1 office
info 1 scripts
info 1 urls
info 94102 shellcode

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll

Similarity measure (PE file only) - Checking for service failure