Field | Value |
---|---|
Created | 2024.06.09 04:21 |
Machine | s1_win7_x6401 |
Filename | ghsalncr.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 21 detected (AIDetectMalware, Malicious, score, Unsafe, Save, Attribute, HighConfidence, high confidence, VMProtect, BC suspicious, FileRepMalware, Real Protect, high, Generic ML PUA, ZexaF, @FW@a0o855hi, BScope, TrojanPSW, Static AI, Malicious PE, susgen) |
md5 | 6ec12dab45f4cd794945a73eabdcd9d3 |
sha256 | a2a737673cb1738dd4efdf0480c98a8be62456b7dcba2bfa0acab0069d2f7b48 |
ssdeep | 196608:FDcvEibEh6RqG6VGUqbzgiv9r1lmGSiWi969yY+YKFBI76xvur3CFR1fJtl85V6P:FQvE8EhqQVGciv9ZlmmWs69n+YKTIWtr |
imphash | 54928f5c806db0ef321db890e574e10a |
impfuzzy | 3:s+MQT+rzsLAJBO7oAAJo1MO/OywSx2AEZsWBJAEPwS9KTXzW:vWsolJoZ/O4ErBJAEHGDW |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xa41000 SleepConditionVariableSRW
KERNEL32.dll
0xa41008 HeapAlloc
0xa4100c HeapFree
0xa41010 ExitProcess
0xa41014 GetModuleHandleA
0xa41018 LoadLibraryA
0xa4101c GetProcAddress
EAT(Export Address Table) is none