ScreenShot
| Created | 2024.04.13 11:20 | Machine | s1_win7_x6401 |
| Filename | AppGate2103v15.exe | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 5c0d04ccd0cbcd8cc90a502df8b512e7 | ||
| sha256 | bc84c3a9cfeb083fe41a238c55ea3163b5c9e5103fee0a7d7f4d8a1236b6d22d | ||
| ssdeep | 49152:fEOGfMr0UrM21zm6mVonU7JCGjh9FDrjop1jy50JtrD2sGxgLJ+r8+NSR63xrO0s:rtr0CnnGJCGl9GDnrNGaLJ5RKxy | ||
| imphash | dde04a4a91a59ef24083f245b804ae7b | ||
| impfuzzy | 3:sUx2AEZsS9KTXz/HAVXWKjKX9CROXKLbW7uRWEJzowKWbsKnqMEleA+n:nERGDfAVGKjHRgKLbGeYwNbsKn3EQn | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | MPRESS_Zero | MPRESS packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32
0x14070508c GetModuleHandleA
0x140705094 GetProcAddress
USER32.dll
0x1407050a4 GetCursorPos
ADVAPI32.dll
0x1407050b4 RegCloseKey
SHELL32.dll
0x1407050c4 SHGetFolderPathA
ole32.dll
0x1407050d4 CoCreateInstance
OLEAUT32.dll
0x1407050e4 VariantClear
EAT(Export Address Table) is none
KERNEL32
0x14070508c GetModuleHandleA
0x140705094 GetProcAddress
USER32.dll
0x1407050a4 GetCursorPos
ADVAPI32.dll
0x1407050b4 RegCloseKey
SHELL32.dll
0x1407050c4 SHGetFolderPathA
ole32.dll
0x1407050d4 CoCreateInstance
OLEAUT32.dll
0x1407050e4 VariantClear
EAT(Export Address Table) is none