Field | Value |
---|---|
Created | 2024.05.17 09:38 |
Machine | s1_win7_x6403 |
Filename | ms.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 46 detected (AIDetectMalware, Meterpreter, Malicious, score, Artemis, Midie, unsafe, Vdci, Attribute, HighConfidence, high confidence, ShellcodeRunner, MalwareX, Shlem, QuzYaJOyUdF, MeterpreterSC, jdntv, COBEACON, YXEEPZ, Detected, ai score=80, ABRisk, XUJJ, Tiny, Runner, Cobaltstrike) |
md5 | da982330a3e82337e9a2aacae9b285ba |
sha256 | 1bcb29aabc1d6bc9adaaae91948b748bf2785017d78728166a528f693ac49527 |
ssdeep | 192:1pdqpC17EVylIBr8J7W53yZE2GVm/0lzIe7pRgE:1HlEVylIBr8BsCZN36DpRg |
imphash | cd8364932f1dd33abd2e1510015f9238 |
impfuzzy | 6:HdJrKiJqbRYFs0WZIAuH5sJxSoD4sIWvFd:9J7JqbuM9+5kv |
Network IP location
Signature (5 counts)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
Rules (2 counts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
msvcrt.dll
0x4037cc atoi
0x4037d4 strlen
0x4037dc malloc
0x4037e4 sscanf
0x4037ec clock
0x4037f4 printf
0x4037fc memset
0x403804 strcpy
0x40380c strcat
0x403814 memmove
0x40381c __set_app_type
0x403824 _controlfp
0x40382c __argc
0x403834 __argv
0x40383c _environ
0x403844 __getmainargs
0x40384c exit
kernel32.dll
0x40385c Sleep
0x403864 VirtualAlloc
EAT (Export Address Table): none