ScreenShot
| Created | 2024.04.12 08:41 | Machine | s1_win7_x6401 |
| Filename | random.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 04444d22b3bfefd4ea745d46267a9690 | ||
| sha256 | 2d155276d6678839354259ccd3958c96160064e13baa76674ced32aaa32891f0 | ||
| ssdeep | 49152:ds9NRR5MmyC8+CLH9+9GZwh+lDZ13KMm2EBEnCIJBAu+:dQNRG3LiGbZJKMoynbC3 | ||
| imphash | baa93d47220682c04d92f7797d9224ce | ||
| impfuzzy | 3:sBRGKqX1GtLRaY:nlc9 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x548033 lstrcpy
comctl32.dll
0x54803b InitCommonControls
EAT(Export Address Table) Library
0x461330 Start
kernel32.dll
0x548033 lstrcpy
comctl32.dll
0x54803b InitCommonControls
EAT(Export Address Table) Library
0x461330 Start