Field | Value |
---|---|
Created | 2024.06.19 10:03 |
Machine | s1_win7_x6401 |
Filename | 2345.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : mailcious |
VT API (file) | 62 detected (AIDetectMalware, ltVd, Malicious, score, GenericRI, S30113158, Zusy, Unsafe, Save, Attribute, HighConfidence, high confidence, NoobyProtect, G suspicious, Artemis, RATX, Farfli, cmfp, jzhxie, Convagent, zuAiFNUDi8N, inrrq, Siggen2, R002C0DFI24, moderate, Detected, ai score=89, GrayWare, SafeGuard, Amtar, KNB@4wlm66, Mikey, ABRisk, MXGW, R505469, ZexaF, Zw2@aqiPhMki, TScope, ChinAd, Gencirc, b4WqpmOVffQ, Static AI, Malicious PE, MxResIcn, Behavior, ctjQ) |
md5 | 7936c4064fbc9b69fba8b5f0d44a2482 |
sha256 | 1ff3a794b0cefe6c10c3c91b93bb6bf5e58054a7d2ce51c987fb32a82d5e929b |
ssdeep | 49152:njt8sWSux8S7P4jqNPSqc1I6LcNx6fyW4WF1eGfaGf1W/FkGJZllE+wD:BPWSux8SAGSVcTQYq1eGfMdbzlbwD |
imphash | 4a953c8bd157b2716295e2979b6789e2 |
impfuzzy | 12:GXtqw1ctXuBZR9cyYXhKnggdwCjQr9HG2P2hLw:G9jelWZfxYRCqCjqJM0 |
Signatures (12 counts)
Level | Description |
---|---|
danger | File has been identified by 62 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table)
Library | Address | Function |
---|---|---|
KERNEL32.dll | 0x97b39d | RtlUnwind |
USER32.dll | 0x97b3a9 | LoadMenuW |
GDI32.dll | 0x97b3b5 | SelectObject |
MSIMG32.dll | 0x97b3c1 | TransparentBlt |
WINSPOOL.DRV | 0x97b3cd | OpenPrinterA |
ADVAPI32.dll | 0x97b3d9 | RegCreateKeyExA |
SHELL32.dll | 0x97b3e5 | DragQueryFileA |
SHLWAPI.dll | 0x97b3f1 | PathFindExtensionA |
UxTheme.dll | 0x97b3fd | GetThemeSysColor |
ole32.dll | 0x97b409 | OleDestroyMenuDescriptor |
OLEAUT32.dll | 0x97b415 | SysFreeString |
oledlg.dll | 0x97b421 | None |
OLEACC.dll | 0x97b42d | AccessibleObjectFromWindow |
gdiplus.dll | 0x97b439 | GdipDrawImageRectI |
IMM32.dll | 0x97b445 | ImmReleaseContext |
WINMM.dll | 0x97b451 | PlaySoundA |
MSVCRT.dll | 0x97b45d | strncpy |
IPHLPAPI.DLL | 0x97b469 | GetInterfaceInfo |
PSAPI.DLL | 0x97b475 | GetMappedFileNameW |
EAT (Export Address Table): none