Report - newpinf.exe

UPX PE File PE32
ScreenShot
Created 2024.04.17 07:35 Machine s1_win7_x6403
Filename newpinf.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
8
Behavior Score
1.2
ZERO API file : clean
VT API (file) 49 detected (AIDetectMalware, Malicious, score, Artemis, GandCrab, unsafe, Zeropi, V48v, confidence, 100%, Attribute, HighConfidence, high confidence, AGen, klqdzp, Phorpiex, CLASSIC, dzptg, DownLoader46, USBLDF24, Outbreak, Detected, ai score=88, Sabsik, 17C6J32, BScope, Propriex, Gencirc)
md5 f4355af73c2dd6e8eb69f29570431f6a
sha256 31be31131a00b743ea598caf706b7c08703d98c3b90aed0523a0aace6ebe318c
ssdeep 384:4QpiPUjq7B0CiUAxIAtlYxJ4JVB00/XMSKRC:uPUu7cUyTYOv/X3
imphash fb0ee5bafbb99ce467989526f0be15c6
impfuzzy 24:6a2KktNnv5F7Wt40771Bz9vUdRkHlldvCAlUdMI15E:6aHYNnTWt4U71l98dyHDBd+R5E
  Network IP location

Signature (1cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious

Rules (3cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

SHLWAPI.dll
 0x40411c PathCombineW
 0x404120 StrCmpNW
MSVCR90.dll
 0x4040a0 _crt_debugger_hook
 0x4040a4 _controlfp_s
 0x4040a8 _invoke_watson
 0x4040ac _except_handler4_common
 0x4040b0 _decode_pointer
 0x4040b4 _onexit
 0x4040b8 _lock
 0x4040bc __dllonexit
 0x4040c0 _unlock
 0x4040c4 ?terminate@@YAXXZ
 0x4040c8 __set_app_type
 0x4040cc _encode_pointer
 0x4040d0 __p__fmode
 0x4040d4 __p__commode
 0x4040d8 _adjust_fdiv
 0x4040dc __setusermatherr
 0x4040e0 _configthreadlocale
 0x4040e4 _initterm_e
 0x4040e8 _initterm
 0x4040ec _acmdln
 0x4040f0 exit
 0x4040f4 _ismbblead
 0x4040f8 _XcptFilter
 0x4040fc _exit
 0x404100 _cexit
 0x404104 __getmainargs
 0x404108 _amsg_exit
 0x40410c wcsstr
 0x404110 memcpy
 0x404114 memset
KERNEL32.dll
 0x404010 IsDebuggerPresent
 0x404014 UnhandledExceptionFilter
 0x404018 GetCurrentProcess
 0x40401c TerminateProcess
 0x404020 GetSystemTimeAsFileTime
 0x404024 GetCurrentProcessId
 0x404028 GetCurrentThreadId
 0x40402c GetTickCount
 0x404030 QueryPerformanceCounter
 0x404034 SetUnhandledExceptionFilter
 0x404038 GetStartupInfoA
 0x40403c InterlockedCompareExchange
 0x404040 InterlockedExchange
 0x404044 ExitThread
 0x404048 FindFirstFileW
 0x40404c lstrcmpW
 0x404050 FindNextFileW
 0x404054 GetLogicalDrives
 0x404058 GetDriveTypeW
 0x40405c QueryDosDeviceW
 0x404060 lstrcpyW
 0x404064 GetFileSize
 0x404068 CreateFileMappingA
 0x40406c MapViewOfFile
 0x404070 FlushViewOfFile
 0x404074 UnmapViewOfFile
 0x404078 SetFilePointer
 0x40407c SetEndOfFile
 0x404080 CreateFileW
 0x404084 CloseHandle
 0x404088 CreateThread
 0x40408c ExitProcess
 0x404090 GetLastError
 0x404094 CreateMutexA
 0x404098 Sleep
USER32.dll
 0x404128 CharLowerW
ADVAPI32.dll
 0x404000 RegCloseKey
 0x404004 RegOpenKeyExW
 0x404008 RegQueryValueExW
ole32.dll
 0x404130 CoInitializeEx

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure