Report - 2345.exe

Tags: Generic Malware, Malicious Packer, Malicious Library, UPX, Anti_VM, PE File, PE32, OS Processor Check
Created 2024.06.19 10:03
Machine s1_win7_x6401
Filename 2345.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 5.2
ZERO API file : mailcious
VT API (file) 62 detected (AIDetectMalware, ltVd, Malicious, score, GenericRI, S30113158, Zusy, Unsafe, Save, Attribute, HighConfidence, high confidence, NoobyProtect, G suspicious, Artemis, RATX, Farfli, cmfp, jzhxie, Convagent, zuAiFNUDi8N, inrrq, Siggen2, R002C0DFI24, moderate, Detected, ai score=89, GrayWare, SafeGuard, Amtar, KNB@4wlm66, Mikey, ABRisk, MXGW, R505469, ZexaF, Zw2@aqiPhMki, TScope, ChinAd, Gencirc, b4WqpmOVffQ, Static AI, Malicious PE, MxResIcn, Behavior, ctjQ)
md5 7936c4064fbc9b69fba8b5f0d44a2482
sha256 1ff3a794b0cefe6c10c3c91b93bb6bf5e58054a7d2ce51c987fb32a82d5e929b
ssdeep 49152:njt8sWSux8S7P4jqNPSqc1I6LcNx6fyW4WF1eGfaGf1W/FkGJZllE+wD:BPWSux8SAGSVcTQYq1eGfMdbzlbwD
imphash 4a953c8bd157b2716295e2979b6789e2
impfuzzy 12:GXtqw1ctXuBZR9cyYXhKnggdwCjQr9HG2P2hLw:G9jelWZfxYRCqCjqJM0

Signature (12cnts)

Level Description
danger File has been identified by 62 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
152.136.174.2 CN Shenzhen Tencent Computer Systems Company Limited 152.136.174.2 mailcious

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x97b39d RtlUnwind
USER32.dll
 0x97b3a9 LoadMenuW
GDI32.dll
 0x97b3b5 SelectObject
MSIMG32.dll
 0x97b3c1 TransparentBlt
WINSPOOL.DRV
 0x97b3cd OpenPrinterA
ADVAPI32.dll
 0x97b3d9 RegCreateKeyExA
SHELL32.dll
 0x97b3e5 DragQueryFileA
SHLWAPI.dll
 0x97b3f1 PathFindExtensionA
UxTheme.dll
 0x97b3fd GetThemeSysColor
ole32.dll
 0x97b409 OleDestroyMenuDescriptor
OLEAUT32.dll
 0x97b415 SysFreeString
oledlg.dll
 0x97b421 None
OLEACC.dll
 0x97b42d AccessibleObjectFromWindow
gdiplus.dll
 0x97b439 GdipDrawImageRectI
IMM32.dll
 0x97b445 ImmReleaseContext
WINMM.dll
 0x97b451 PlaySoundA
MSVCRT.dll
 0x97b45d strncpy
IPHLPAPI.DLL
 0x97b469 GetInterfaceInfo
PSAPI.DLL
 0x97b475 GetMappedFileNameW

EAT(Export Address Table) is none