ScreenShot
| Created | 2024.04.10 13:42 | Machine | s1_win7_x6403 |
| Filename | xIPJVPDq.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetectMalware, Malicious, score, Artemis, GenericKD, unsafe, Vna3, confidence, 100%, Genus, Attribute, HighConfidence, Windows, MalwareX, Convagent, RpZwAEZYoLL, RKIT, tlptm, ZexaF, aqW@aOgyjOni, R002C0XD524, Detected, ai score=89, HeurC, KVM003, Sabsik, Casdet, Babar, ABRisk, WVVH, Chgt, R002H09CV24, Static AI, Suspicious PE, susgen) | ||
| md5 | 0c550ce9bb3efa8c3ce80a507cadfffa | ||
| sha256 | 0dc62bc58b6ae1a7971a73973731b6d3f23e8003280451b84623803c39a3f912 | ||
| ssdeep | 192:yh4gD1GAhChMSXhCUFaBoU3rKgjwQx5K:S4gD1LhChhXhCEaBo+sQx5K | ||
| imphash | 30d35e90c7fc045dc052f4030df3d03c | ||
| impfuzzy | 24:HIhyOqUMmD7CHZzRljBfz9z1Ua8TdMjkpCziwxS1E1:HLOvMi4pRvZFlH1 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x4020b4 StrCatW
0x4020b8 PathCombineW
KERNEL32.dll
0x402034 SizeofResource
0x402038 GetCurrentProcess
0x40203c WriteFile
0x402040 GetTempPathW
0x402044 CreateFileW
0x402048 GetModuleHandleA
0x40204c Sleep
0x402050 GetLastError
0x402054 LockResource
0x402058 DeleteFileW
0x40205c LoadResource
0x402060 K32EnumProcesses
0x402064 GetProcAddress
0x402068 GetCurrentProcessId
0x40206c CreateProcessW
0x402070 IsWow64Process
0x402074 ExitProcess
0x402078 CloseHandle
0x40207c OpenProcess
0x402080 K32EnumProcessModulesEx
0x402084 WaitForSingleObject
0x402088 TerminateProcess
0x40208c GetProcessHeap
0x402090 HeapAlloc
0x402094 HeapFree
0x402098 ReadProcessMemory
0x40209c FindResourceA
ADVAPI32.dll
0x402000 CryptReleaseContext
0x402004 RegDeleteValueW
0x402008 LookupPrivilegeValueW
0x40200c AdjustTokenPrivileges
0x402010 CryptAcquireContextW
0x402014 CryptGenRandom
0x402018 RegCloseKey
0x40201c RegDeleteKeyExW
0x402020 RegDeleteKeyW
0x402024 RegEnumKeyExW
0x402028 RegOpenKeyExW
0x40202c OpenProcessToken
ole32.dll
0x4020c0 CoInitializeSecurity
0x4020c4 CoUninitialize
0x4020c8 CoCreateInstance
0x4020cc CoInitializeEx
OLEAUT32.dll
0x4020a4 SysFreeString
0x4020a8 VariantInit
0x4020ac SysAllocString
EAT(Export Address Table) is none
SHLWAPI.dll
0x4020b4 StrCatW
0x4020b8 PathCombineW
KERNEL32.dll
0x402034 SizeofResource
0x402038 GetCurrentProcess
0x40203c WriteFile
0x402040 GetTempPathW
0x402044 CreateFileW
0x402048 GetModuleHandleA
0x40204c Sleep
0x402050 GetLastError
0x402054 LockResource
0x402058 DeleteFileW
0x40205c LoadResource
0x402060 K32EnumProcesses
0x402064 GetProcAddress
0x402068 GetCurrentProcessId
0x40206c CreateProcessW
0x402070 IsWow64Process
0x402074 ExitProcess
0x402078 CloseHandle
0x40207c OpenProcess
0x402080 K32EnumProcessModulesEx
0x402084 WaitForSingleObject
0x402088 TerminateProcess
0x40208c GetProcessHeap
0x402090 HeapAlloc
0x402094 HeapFree
0x402098 ReadProcessMemory
0x40209c FindResourceA
ADVAPI32.dll
0x402000 CryptReleaseContext
0x402004 RegDeleteValueW
0x402008 LookupPrivilegeValueW
0x40200c AdjustTokenPrivileges
0x402010 CryptAcquireContextW
0x402014 CryptGenRandom
0x402018 RegCloseKey
0x40201c RegDeleteKeyExW
0x402020 RegDeleteKeyW
0x402024 RegEnumKeyExW
0x402028 RegOpenKeyExW
0x40202c OpenProcessToken
ole32.dll
0x4020c0 CoInitializeSecurity
0x4020c4 CoUninitialize
0x4020c8 CoCreateInstance
0x4020cc CoInitializeEx
OLEAUT32.dll
0x4020a4 SysFreeString
0x4020a8 VariantInit
0x4020ac SysAllocString
EAT(Export Address Table) is none