popup

Report - CONT.exe

UPX PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.07.01 14:56 Machine s1_win7_x6401
Filename CONT.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score
2
 Behavior Score
1.0
ZERO API file : clean
VT API (file) 2 detected (AIDetectMalware, malicious, moderate confidence)
md5 1cdf5a27c0f2ceaf51055ed3721d5c32
sha256 3abee122a435b2e85a1d29c754fa729e05c3ffccad24f67f62d67b3686f9e05a
ssdeep 768:BfGsLWKNqv9zDO5zfGsLWKNqv9zDO5mfyXAehtY3TEEtlhEBgiiVLFlDch6hGgGV:L6i49O/6i49OcwYZNvS6i49OH6i49O
imphash 4d14d19b876bbb7a86ffba329be9d956
impfuzzy 24:FM1fJhgSSvFkvCSRpVlGroq57qvBgN6bRYPuIv:YfJhgsqYbGrV9YgN6bRYWIv
  Network IP location

Signature (4cnts)

Level Description
notice File has been identified by 2 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x404000 RegCloseKey
 0x404004 RegQueryValueExW
KERNEL32.dll
 0x40402c GetSystemTimeAsFileTime
 0x404030 GetCurrentThreadId
 0x404034 UnhandledExceptionFilter
 0x404038 QueryPerformanceCounter
 0x40403c GetModuleHandleW
 0x404040 SetUnhandledExceptionFilter
 0x404044 Sleep
 0x404048 GetTickCount
 0x40404c GetCurrentProcess
 0x404050 CloseHandle
 0x404054 SetEvent
 0x404058 OpenEventW
 0x40405c GetLastError
 0x404060 CompareStringOrdinal
 0x404064 TerminateProcess
 0x404068 GetCurrentProcessId
 0x40406c ResolveDelayLoadedAPI
 0x404070 DelayLoadFailureHook
msvcrt.dll
 0x404078 _controlfp
 0x40407c ?terminate@@YAXXZ
 0x404080 _except_handler4_common
 0x404084 _initterm
 0x404088 __setusermatherr
 0x40408c __p__fmode
 0x404090 _cexit
 0x404094 _exit
 0x404098 exit
 0x40409c __set_app_type
 0x4040a0 __wgetmainargs
 0x4040a4 _amsg_exit
 0x4040a8 __p__commode
 0x4040ac _XcptFilter
 0x4040b0 _vsnwprintf
 0x4040b4 memset
newdev.dll
 0x4040bc DiUninstallDevice
DEVOBJ.dll
 0x40400c DevObjUninstallDevice
 0x404010 DevObjDestroyDeviceInfoList
 0x404014 DevObjGetDeviceInstanceId
 0x404018 DevObjGetClassDevs
 0x40401c DevObjCreateDeviceInfoList
 0x404020 DevObjOpenDevRegKey
 0x404024 DevObjEnumDeviceInfo

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure