ScreenShot
Created | 2024.04.10 13:42 | Machine | s1_win7_x6403 |
Filename | DSKeOWN1.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 58 detected (AIDetectMalware, Malicious, score, Artemis, unsafe, Japik, Save, confidence, 100%, Attribute, HighConfidence, Windows, InjectorX, Lazy, Inject5, klcdgk, Ma4kQLHBcuO, R011C0DD424, moderate, Detected, ai score=80, Sabsik, Zusy, Eldorado, R630595, ZexaF, kqW@a40kKkbi, Genetic, Gencirc, Static AI, Malicious PE, susgen) | ||
md5 | 959db6fb58d86b24436a5228fdf1cd01 | ||
sha256 | b39e67fdff8dad1a8f64c0d2a01e312cdecd3d64bbedd842b01216cb09f22c65 | ||
ssdeep | 3072:UQpsjxl96J7HsLvbh4insM3eR7Tbt1iQriHdvp7tl2kUBpxYgw:UQpsjB6JQLvfsMuhPtW9vpxl2vrxi | ||
imphash | eb3adbfdfdb25911eaec8fef643f639b | ||
impfuzzy | 12:JXRnl2Bpj5DNZhBZGX1juK9TdyCO7Kwxrji2wd3E02:JXRnlc5DNHg1juK9Td4KwxC1E1 |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x402060 StrNCatW
0x402064 StrStrIW
0x402068 StrCatW
0x40206c StrCpyW
KERNEL32.dll
0x402018 SizeofResource
0x40201c GetCurrentProcess
0x402020 FindResourceA
0x402024 GetModuleHandleA
0x402028 LockResource
0x40202c GetProcAddress
0x402030 IsWow64Process
0x402034 ExitProcess
0x402038 GetProcessHeap
0x40203c HeapAlloc
0x402040 lstrlenW
0x402044 HeapFree
0x402048 LoadResource
ADVAPI32.dll
0x402000 RegSetValueExW
0x402004 CryptAcquireContextW
0x402008 CryptGenRandom
0x40200c RegOpenKeyExW
0x402010 CryptReleaseContext
ole32.dll
0x402074 CoInitializeSecurity
0x402078 CoCreateInstance
0x40207c CoUninitialize
0x402080 CoInitializeEx
OLEAUT32.dll
0x402050 SysFreeString
0x402054 VariantInit
0x402058 SysAllocString
EAT(Export Address Table) is none
SHLWAPI.dll
0x402060 StrNCatW
0x402064 StrStrIW
0x402068 StrCatW
0x40206c StrCpyW
KERNEL32.dll
0x402018 SizeofResource
0x40201c GetCurrentProcess
0x402020 FindResourceA
0x402024 GetModuleHandleA
0x402028 LockResource
0x40202c GetProcAddress
0x402030 IsWow64Process
0x402034 ExitProcess
0x402038 GetProcessHeap
0x40203c HeapAlloc
0x402040 lstrlenW
0x402044 HeapFree
0x402048 LoadResource
ADVAPI32.dll
0x402000 RegSetValueExW
0x402004 CryptAcquireContextW
0x402008 CryptGenRandom
0x40200c RegOpenKeyExW
0x402010 CryptReleaseContext
ole32.dll
0x402074 CoInitializeSecurity
0x402078 CoCreateInstance
0x40207c CoUninitialize
0x402080 CoInitializeEx
OLEAUT32.dll
0x402050 SysFreeString
0x402054 VariantInit
0x402058 SysAllocString
EAT(Export Address Table) is none